Yesterday my shop spat out a dozen error messages by email, such as this one:
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ) or ( pd.products_keywords LIKE ('%3722=3722%') OR pd.products_description' at line 20
SELECT DISTINCT
p.products_manufacturers_model,
p.products_id,
p.products_ean,
p.products_quantity,
p.products_shippingtime,
p.products_model,
p.products_image,
p.products_price,
p.products_weight,
p.products_tax_class_id,
p.products_fsk18,
p.products_vpe,
p.products_vpe_status,
p.products_vpe_value,
pd.products_name,
pd.products_short_description,
pd.products_description FROM products AS p LEFT JOIN
products_description AS pd ON (p.products_id = pd.products_id) LEFT OUTER
JOIN
products_attributes AS pa ON (p.products_id = pa.products_id) LEFT OUTER JOIN
products_options_values AS pov ON (pa.options_values_id =
pov.products_options_values_id)
LEFT OUTER JOIN specials AS s ON (p.products_id = s.products_id) AND s.status =
'1'
WHERE p.products_status = 1
AND pd.language_id = '2' AND ( ( pd.products_keywords LIKE ('%bomz%') OR
pd.products_description LIKE ('%bomz%') OR pd.products_short_description LIKE
('%bomz%')
OR pd.products_meta_keywords LIKE ('%bomz%') OR pd.products_name LIKE ('%bomz%')
OR
p.products_model LIKE ('%bomz%') OR p.products_ean LIKE ('%bomz%') OR
p.products_manufacturers_model LIKE ('%bomz%') OR pd.products_meta_keywords
LIKE
('%bomz%') OR pa.attributes_model LIKE ('%bomz%') OR pa.attributes_ean LIKE
('%bomz%') OR
(pov.products_options_values_name LIKE ('%bomz%') AND pov.language_id = '2') AND
pd.products_autor LIKE ('%bomz%') OR pd.products_keywords LIKE ('%bomz%') OR
pd.products_meta_keywords LIKE ('%bomz%') ) AND ( pd.products_keywords
LIKE
('%-7916%\'%') OR pd.products_description LIKE ('%-7916%\'%') OR
pd.products_short_description LIKE ('%-7916%\'%') OR pd.products_meta_keywords
LIKE
('%-7916%\'%') OR pd.products_name LIKE ('%-7916%\'%') OR p.products_model
LIKE
('%-7916%\'%') OR p.products_ean LIKE ('%-7916%\'%') OR
p.products_manufacturers_model
LIKE ('%-7916%\'%') OR pd.products_meta_keywords LIKE ('%-7916%\'%') OR
pa.attributes_model LIKE ('%-7916%\'%') OR pa.attributes_ean LIKE ('%-7916%\'%')
OR
(pov.products_options_values_name LIKE ('%-7916%\'%') AND pov.language_id = '2')
AND
pd.products_autor LIKE ('%-7916%\'%') OR pd.products_keywords LIKE
('%-7916%\'%') OR
pd.products_meta_keywords LIKE ('%-7916%\'%') ) ) ) ) OR (
pd.products_keywords
LIKE ('%3722=3722%') OR pd.products_description LIKE ('%3722=3722%') OR
pd.products_short_description LIKE ('%3722=3722%') OR pd.products_meta_keywords
LIKE
('%3722=3722%') OR pd.products_name LIKE ('%3722=3722%') OR p.products_model
LIKE
('%3722=3722%') OR p.products_ean LIKE ('%3722=3722%') OR
p.products_manufacturers_model
LIKE ('%3722=3722%') OR pd.products_meta_keywords LIKE ('%3722=3722%') OR
pa.attributes_model LIKE ('%3722=3722%') OR pa.attributes_ean LIKE
('%3722=3722%') OR
(pov.products_options_values_name LIKE ('%3722=3722%') AND pov.language_id =
'2') AND
pd.products_autor LIKE ('%3722=3722%') OR pd.products_keywords LIKE
('%3722=3722%') OR
pd.products_meta_keywords LIKE ('%3722=3722%') ) AND ( ( ( (
pd.products_keywords
LIKE ('%\'%\'=\'%') OR pd.products_description LIKE ('%\'%\'=\'%') OR
pd.products_short_description LIKE ('%\'%\'=\'%') OR pd.products_meta_keywords
LIKE
('%\'%\'=\'%') OR pd.products_name LIKE ('%\'%\'=\'%') OR p.products_model
LIKE
('%\'%\'=\'%') OR p.products_ean LIKE ('%\'%\'=\'%') OR
p.products_manufacturers_model
LIKE ('%\'%\'=\'%') OR pd.products_meta_keywords LIKE ('%\'%\'=\'%') OR
pa.attributes_model LIKE ('%\'%\'=\'%') OR pa.attributes_ean LIKE ('%\'%\'=\'%')
OR
(pov.products_options_values_name LIKE ('%\'%\'=\'%') AND pov.language_id = '2')
AND
pd.products_autor LIKE ('%\'%\'=\'%') OR pd.products_keywords LIKE
('%\'%\'=\'%') OR
pd.products_meta_keywords LIKE ('%\'%\'=\'%') ) ) GROUP BY p.products_id
ORDER BY
p.products_id
Request URL:
www.twilightbooks.de/advanced_search_result.php?MODsid=i9p57l1gqut3enji4uavd4lle7&keywords_autor=-7916%25%27%29%29%29%20OR%203722%3D3722%20AND%20%28%28%28%27%25%27%3D%27&keywords_titel=&keywords=bOmz
[XT SQL Error]
Apparently someone probed the shop with an SQL tool. That as such doesn't bother me, only the error messages shouldn't be there. For some inputs the shop also dutifully returned 0 or all products as hits and no error. The search is modified, has been given two additional search fields and otherwise works without problems.
Do I need to worry now?
Shop: 1.06 SP3, PHP 5.6, modified advanced_search_result.php
Linkback: https://www.modified-shop.org/forum/index.php?topic=34879.0
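The generated query above shows what happened to the probe: the shop split keywords_autor on whitespace, escaped the quotes inside the words (`\'`), but treated the `)))` and `(((` tokens as grouping and emitted them into the SQL, where the imbalance produced the syntax error. An added example (not the shop's code; Python instead of the shop's PHP, and the column list is an assumed subset) that decodes the quoted request URL, tokenizes the search string the same way, binds every word as a LIKE parameter and rejects any string whose parentheses do not balance instead of passing them into the statement:

```python
import re
from urllib.parse import parse_qs, urlsplit
# Request URL quoted in the post (session id omitted); keywords_autor carries the probe.
REQUEST_URL = ("http://www.twilightbooks.de/advanced_search_result.php"
               "?keywords_autor=-7916%25%27%29%29%29%20OR%203722%3D3722%20AND%20%28%28%28%27%25%27%3D%27"
               "&keywords_titel=&keywords=bOmz")
# Assumed subset of the columns the shop's search compares against.
COLUMNS = ["pd.products_keywords", "pd.products_description", "pd.products_name"]
# Token classes the generated query implies: parentheses, then whitespace-separated words.
TOKEN_RE = re.compile(r"\(|\)|[^\s()]+")

def search_params_from_url(url):
    """Decode the query string into {name: first value}, keeping empty fields."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}

def like_pattern(word):
    """Bind value for LIKE: escape MySQL's default escape char and the wildcards."""
    return "%" + word.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"

def build_where(search_string, columns=COLUMNS):
    """Return (sql_fragment, params), or None when the string is structurally invalid:
    words become parameterised LIKE groups, AND/OR and balanced parentheses keep their role."""
    sql, params, depth, expect_term = [], [], 0, True
    group = "(" + " OR ".join(c + " LIKE %s" for c in columns) + ")"
    for tok in TOKEN_RE.findall(search_string):
        if tok == "(":
            if not expect_term:
                sql.append("AND")          # implicit AND between adjacent terms
            depth += 1
            sql.append("(")
            expect_term = True
        elif tok == ")":
            if depth == 0 or expect_term:  # stray ')' or empty group
                return None
            depth -= 1
            sql.append(")")
        elif tok.upper() in ("AND", "OR"):
            if expect_term:                # operator without a left operand
                return None
            sql.append(tok.upper())
            expect_term = True
        else:
            if not expect_term:
                sql.append("AND")
            sql.append(group)
            params.extend([like_pattern(tok)] * len(columns))
            expect_term = False
    if depth != 0 or expect_term:          # unclosed '(' or nothing / trailing operator
        return None
    return " ".join(sql), params
```

A rejected string should produce an empty result page, not a query; the email report of the raw SQL is then no longer needed for this case.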