What does this MySQL error mean?

Time: 2016-01-12 14:29:37

Tags: mysqli

I am getting the following error:

1064 You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use 
near 'AND `hackcount` >= 3' at line 1 SQL=SELECT COUNT(*) from 
`xxxxx_mi_iptable` WHERE ip = AND `hackcount` >= 3 

What does this mean? What should I do to fix it?

2 answers:

Answer 0: (score: 3)

There is an error in your WHERE clause:

WHERE ip = AND `hackcount` >= 3

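ip equals what, exactly? You forgot to put a value there.

Answer 1: (score: 0)

It looks like you are using the Joomla plugin "Marco's SQL Injection" (http://www.mmleoni.net/sql-iniection-lfi-protection-plugin-for-joomla).

It has a line that tries to detect the current client's IP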

$remoteIP = $_SERVER['REMOTE_ADDR'];

Because REMOTE_ADDR is not always present/reliable/sufficient, the following SQL query

$sql = "SELECT COUNT(*) from `#__mi_iptable` WHERE ip = '{$remoteIP}' AND `hackcount` >= {$this->p_ipBlockCount}" ;

fails.

The plugin should use something like

// Use REMOTE_ADDR when it is set; otherwise fall back to the other headers.
if (isset($_SERVER['REMOTE_ADDR']))
{
    $remoteIP = $_SERVER['REMOTE_ADDR'];
}
elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
    $remoteIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif (isset($_SERVER['HTTP_CLIENT_IP']))
{
    $remoteIP = $_SERVER['HTTP_CLIENT_IP'];
}
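
An added example, not part of the answers above and not the plugin's own code: one way to make the lookup from this page robust when the client IP is missing or comes from a header. It validates the address, honours X-Forwarded-For only when the direct peer is a known proxy, and binds the value instead of interpolating it. The function names, the unprefixed table name `mi_iptable`, the trusted-proxy list and the use of in-memory SQLite via PDO are assumptions made so the block runs offline.

```php
<?php
// Added example, not the plugin's code. Table/column names follow the query on
// this page; in-memory SQLite (pdo_sqlite) stands in for MySQL to run offline.

/** Return a validated client IP, or null when none can be determined. */
function resolveClientIp(array $server, array $trustedProxies = []): ?string
{
    $peer = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
    if ($peer === false) {
        return null; // REMOTE_ADDR missing or malformed
    }
    // Forwarding headers are client-controlled unless a known proxy set them.
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) { // right-most hop is nearest to us
        $ip = filter_var($hop, FILTER_VALIDATE_IP);
        if ($ip === false) {
            break; // malformed chain: fall back to the peer address
        }
        if (!in_array($ip, $trustedProxies, true)) {
            return $ip;
        }
    }
    return $peer;
}

/** Count rows for $ip at or above $threshold; runs no query when $ip is null. */
function countBlocked(PDO $db, ?string $ip, int $threshold): int
{
    if ($ip === null) {
        return 0;
    }
    $stmt = $db->prepare('SELECT COUNT(*) FROM mi_iptable WHERE ip = :ip AND hackcount >= :n');
    $stmt->bindValue(':ip', $ip, PDO::PARAM_STR);
    $stmt->bindValue(':n', $threshold, PDO::PARAM_INT);
    $stmt->execute();
    return (int) $stmt->fetchColumn();
}

// Constructed sample table and requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mi_iptable (ip TEXT, hackcount INTEGER)');
$db->exec("INSERT INTO mi_iptable VALUES ('203.0.113.9', 5)");
$proxied = ['REMOTE_ADDR' => '10.0.0.1', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.9'];
var_dump(countBlocked($db, resolveClientIp([]), 3));
var_dump(countBlocked($db, resolveClientIp(['REMOTE_ADDR' => '203.0.113.9']), 3));
var_dump(countBlocked($db, resolveClientIp($proxied, ['10.0.0.1']), 3));
```

The first call has no REMOTE_ADDR at all, which is the case that produced `WHERE ip = AND` in the question; here it is handled before any SQL is built.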