Database error 1064

danwaterloo · March 11, 2018, 3:49am

I’m getting this error at the top of many pages:

Database error 1064 while doing query You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'margin: 0px; background: #EBEBEB; color: #666; padding: 0px;">"' at line 1

and a bunch more similar.
I checked the database, it’s all in good shape. Nothing changed in the installation.
Any suggestions where to look to figure out what is going on? Thanks, Dan

Crenel84 · March 12, 2018, 1:07am

If nothing changed in the code, you have to look at what other changes have been made, and the next place I’d look in this case is changes in the data – whether in the database or files on disk. Here you clearly have unescaped data being treated as SQL code. In this case the data is CSS code. Did you change anything recently related to CSS?

This doesn’t mean the problem is in the data (i.e., CSS); in fact, at first glance I would guess that a change in the data brought up a problem in the code, since that CSS code should never have been attempted as SQL. This could be hinting at a security problem (SQL injection vulnerability). Unfortunately, without more details, and with me lacking in-depth knowledge of phpList, I can’t offer anything more specific.

danwaterloo · March 12, 2018, 2:41am

Thanks, I agree that it didn’t seem to have anything to do with the css…

I did analyze and optimize all of the tables in the database, it seems like that may have fixed the issue… the last couple of tables (sorted alphabetically) seemed like they took a while. Perhaps another factor is the browser cache needed to expire?

Anyways, now it’s working well. Thanks for the input.

Dan

Crenel84 · March 12, 2018, 2:52am

Definitely should not have been related to the browser cache. At least I would hope not, that would probably imply a vulnerability allowing untrusted SQL coming from the client side. It’s good that your system is working, but from a problem analysis standpoint it would have been good to be able to get a snapshot of the state of the system (data included) to see where that server-side error was coming from. If I had time, I’d go hunting for suspect code, but I can’t really afford to do that now (especially since I have never looked at the phpList code and would have a lot of learning/orienting to do before I could look for this problem in particular).

danwaterloo · March 12, 2018, 3:09am

Thanks for the feedback. My hunch is that there was some kind of problem in one of the database tables. I upgraded the system from 3.2.1 to 3.3.1, and the problem still existed. I then updated the database, and it took a while to add unique codes to each user_user.

So I don’t think it was in the phpList code, that hasn’t changed for years. My user said they didn’t do anything (I suspect that they imported a list or something like that).

I looked in the database in the config table and didn’t see anything that looked odd, so now that it’s working, I’m going to not look back.

Thanks, I appreciate the input.