Page 1 of 1

Does anyone understand this error in SQL syntax

Posted: Wed Jan 11, 2017 6:37 am
by yorkshireboy
Can anyone help me to understand what the below means - keep getting this error and can't figure out how to fix it

2017-01-07 19:04:44 - PHP Notice: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'A=0'' at line 1<br />Error No: 1064<br />SELECT * FROM url_alias WHERE `query` = 'route=0' OR `query` = 'product/product'A=0' in /www/sites/52c/8c8/shop.angeldancewear.co.uk/web/system/library/db/mysqli.php on line 41

site is https://shop.angeldancewear.co.uk/

All help appreaciated

Re: Does anyone understand this error in SQL syntax

Posted: Wed Jan 11, 2017 4:37 pm
by sculptex
Remove the apostrophe before A=0

Re: Does anyone understand this error in SQL syntax

Posted: Thu Jan 12, 2017 3:30 am
by yorkshireboy
Thanks @sculptex for the advice - but there is no such entry in my sql.

Is this an SQL injection attack? - and if so, what can be done to stop them?
Thanks

Re: Does anyone understand this error in SQL syntax

Posted: Thu Jan 12, 2017 7:13 pm
by uksitebuilder
Looks like this is doing the rounds

I blocked an IP from Aberdeen (Tiscali) today who was also trying that A=0 nonsense

Didn't get any errors in latest version of OC though.

Re: Does anyone understand this error in SQL syntax

Posted: Fri Jan 13, 2017 6:54 am
by yorkshireboy
How did you identify the IP address in order to block it??

Re: Does anyone understand this error in SQL syntax

Posted: Fri Jan 13, 2017 3:30 pm
by uksitebuilder
It was in the Customers Online Report list (accessible from the dashboard)