WHERE contains SQL that is not allowed

  • Resolved bobbrown99

    (@bobbrown99)


    1 month, 4 weeks ago

    Hi there,

    I am trying to get pods to only display if the date is today or in the future. When I try to include the relevant code in a shortcode on the page, I get the error: “Pods Embed Error: WHERE contains SQL that is not allowed.”

    The shortcode is:

    [pods name="event" template="events" orderby="date_and_time.meta_value ASC" where="CAST( date_and_time.meta_value AS DATETIME ) >= NOW()" ]

    It works perfectly fine without the where= SQL component.

    I have reviewed other posts here and elsewhere but the solution proposed does not resolve my issue.

    To clarify, I have tried:

    1. Allowing “unrestricted” and ” restricted” under “Allow SQL clauses to be used in Dynamic Features” in Pods Admin > Settings > Security section
    2. Allowing “unrestricted” in the specific pod option
    3. Clearing the Pods cache
    4. Turned off all caches for the website
    5. Clearing browser cache
    6. Trying multiple browsers

    The pod is public and dynamic features are enabled.

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support pdclark

    (@pdclark)

    4 weeks ago

    Typecasting NOW() should cause the comparison to work.

    where="CAST( date_and_time.meta_value AS DATETIME ) >= CAST( NOW() AS DATETIME )"

    Thread Starter bobbrown99

    (@bobbrown99)

    3 weeks, 6 days ago

    Hi there,

    Thanks for your response. I have just tried what you suggested and I get the same error: “Pods Embed Error: WHERE contains SQL that is not allowed.”

    For clarity the full shortcode is:

    [pods name="event" template="events" orderby="date_and_time.meta_value ASC" where="CAST( date_and_time.meta_value AS DATETIME ) >= CAST( NOW() AS DATETIME )"]

    Plugin Support pdclark

    (@pdclark)

    1 week, 4 days ago

    On Pods Admin > Settings, change Allow SQL clauses to be used in Dynamic Features to Restricted or Unrestricted, not Disable

    Thread Starter bobbrown99

    (@bobbrown99)

    1 week, 3 days ago

    Hi there,

    As per my original message, I have already done that. Please see this screenshot below for my current setting:

    View post on imgur.com
    Plugin Support pdclark

    (@pdclark)

    1 week, 3 days ago

    Testing again, it appears there is a recent change causing > to be flagged as a false positive for security reasons.

    That issue has been submitted to the GitHub team for resolution. In the meantime, this worked in testing and has the same effect:

    where="CAST( date_and_time.meta_value AS DATETIME ) BETWEEN NOW() - INTERVAL 5 HOUR AND '9999-12-31 23:59:59'"

    …where NOW() - 5 HOUR is any desired timezone offset, as the calculation of current time will be based on the database timezone configuration separate from WP.

    Thread Starter bobbrown99

    (@bobbrown99)

    1 week, 2 days ago

    Thank you, that has fixed it

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.