Issue Information
#000186, 0 - None Assigned, New, 2.3.1
Hi
After a clean install of osC v2.31 onto my live site I am seeing this in Who's Online.
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'' at line 1 select products_name from products_description where products_id='798'' and language_id = '1' [TEP STOP]
The products_id is always different but they are all valid products.
It happens about twice a day and is usually caused by foreign visitors (possibly hackers).
My site is UK and GBP only so I do not have languages or currencies enabled.
Server OS: Linux 2.6.24.3
Database: MySQL 5.1.30-log
HTTP Server: Apache
PHP Version: 5.2.5 (Zend: 2.2.0)
Regards
Ken
Hi Ken44
This is interesting.
Example:
tep_get_products_name($pInfo->products_id, $languages[$i]['id']);
There would be one $pInfo->products_id problem.
The error is caused by '' in your SQL:
products_id='798'' and
Does your error go into the last_page_url field of the who_is_online table or not? Could you examine the table and try to find
/product_info.php?products_id=798'
Is there a ' after 798?
Edited by Gergely, 05 January 2011 - 02:09 PM.
Hi Tóth
Thanks for your reply.
I did double check my database and it is fine, and most of the time other customers visit these products with no problems.
I used to get this same problem (very occasionally) with osC v2.2, but I had so many mods that I used to think it was probably a contribution causing the problem. But now my site is standard osCv2.31 + Security Pro + Whos online v3.54, and I saw the error before installing Security Pro.
I also see that others have reported similar problems (but when deleting products)
http://forums.oscommerce.com/topic/144095-1064-you-have-an-error-in-your-sql-syntax/page__view__findpost__p__619741
This will be difficult to find because I see no error in my errors log. The only way to see it is by keeping a constant watch on last_page_url in who’s online (which I do).
Here is the entry in my server Access log. There is no entry in the Errors log.
mysite.co.uk 61.119.102.75 - - [04/Jan/2011:21:17:58 +0000] "GET /product_info.php?products_id=798' HTTP/1.1" 200 5709 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)"
If I find any more info I will post it here.
Regards
Ken
Hi
Here are three more examples. All from today's log files. libwww-perl/5.837 seems to be responsible for two of them.
Who’s Online
00:00:00 libwww-perl hosted-by.altushost.com 10:34:02 am 10:34:02 am 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'' at line 1 select products_name from products_description where products_id='122'' and language_id = '1' [TEP STOP]
And the corresponding Access Log
mysite.co.uk 79.142.64.105 - - [06/Jan/2011:10:34:01 +0000] "GET //product_info.php?products_id=122' HTTP/1.1" 200 21850 "-" "libwww-perl/5.837"
Who’s Online
00:00:00 libwww-perl 180.245.252.66 04:20:57 pm 04:20:57 pm 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'' at line 1 select products_name from products_description where products_id='861%20'' and language_id = '1' [TEP STOP]
And the corresponding Access Log
mysite.co.uk 180.245.252.66 - - [06/Jan/2011:16:20:56 +0000] "GET /product_info.php?products_id=861%20' HTTP/1.1" 200 20306 "-" "libwww-perl/5.814"
This one is similar but on a category
Who’s Online
00:00:00 Guest 178.162.190.117 04:26:32 pm 04:26:32 pm 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' and language_id = '1'' at line 1 select categories_name from categories_description where categories_id=''1' and language_id = '1' [TEP STOP]
And the corresponding Access Log
mysite.co.uk 178.162.190.117 - - [06/Jan/2011:16:26:32 +0000] "GET /index.php?cPath='1_4 HTTP/1.1" 200 34073 "-" "-"
I did find an easy way to look for these: open the server access log and search for
' HTTP
Is no-one else getting these? Or are they just getting missed because there is no entry in the error log?
Regards
Ken
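Added example, not part of the original posts: a Python script for the access-log search described above, extended to also catch a quote that is URL-encoded (%27) or that is not the last character of the URL, as in the cPath request. The sample log lines, host name and IP addresses are constructed; the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Vhost-prefixed combined log format, matching the access-log lines quoted above.
LOG_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (example host name and documentation IP ranges).
SAMPLE_LOG = """\
shop.example.test 192.0.2.10 - - [04/Jan/2011:21:17:58 +0000] "GET /product_info.php?products_id=798' HTTP/1.1" 200 5709 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
shop.example.test 192.0.2.11 - - [06/Jan/2011:10:34:01 +0000] "GET //product_info.php?products_id=122%27 HTTP/1.1" 200 21850 "-" "libwww-perl/5.837"
shop.example.test 198.51.100.7 - - [06/Jan/2011:16:26:32 +0000] "GET /index.php?cPath='1_4 HTTP/1.1" 200 34073 "-" "-"
shop.example.test 198.51.100.8 - - [06/Jan/2011:16:30:00 +0000] "GET /product_info.php?products_id=798 HTTP/1.1" 200 5709 "-" "Mozilla/5.0"
"""

def naive_search(lines):
    """The literal search from the thread: a quote directly before ' HTTP'."""
    return [line for line in lines if "' HTTP" in line]

def quoted_params(target):
    """Return (name, decoded value) for each query parameter containing a quote."""
    query = target.partition("?")[2]
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True) if "'" in v]

def scan(lines):
    """Flag requests whose URL-decoded query values contain a single quote."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not in the expected log format
        hits = quoted_params(m["target"])
        if hits:
            findings.append({"ip": m["ip"], "time": m["time"],
                             "agent": m["agent"], "params": hits})
    return findings

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("literal search hits:", len(naive_search(lines)))
    for f in scan(lines):
        print(f["time"], f["ip"], f["agent"], f["params"])
```

On the sample, the literal search matches only the first request, while the decoded-parameter check also reports the %27 request and the leading-quote cPath request.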
Hi Ken,
Yes, someone else gets these errors ... me! I installed version 2.2 in 2008, and, like you, I get this error once or twice a day in "Who's Online". I've never been sure if it's hackers. No customers have ever complained, nor have I ever seen the same "user" go on and browse successfully. Hm. I'd love to know what it is, as I'm afraid a real customer will encounter this error. What they would see, I don't know.
I just don't like not knowing what it is. If you ever find out, please post!
Best wishes,
~Wendy