
XF 1.4 User unable to send message, server error log

Discussion in 'Troubleshooting and Problems' started by screechout, Jun 30, 2015.

  1. screechout

    screechout Member


    One of the users on my forum can't send messages or reply to them. Below is the error that I have in my error logs. Anyone know what this could be? Thanks :)

    Zend_Db_Statement_Mysqli_Exception: Mysqli prepare error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'm willing to help you out as much as possible! Your doing a great job!','1435639' at line 1 - library/Zend/Db/Statement/Mysqli.php:77
  2. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    Can you post the full stack trace of the error from the log?

    Admin CP -> Tools -> Server Error Log

    It looks like it may be unescaped user input which is very likely to be from an addon. The stack trace might identify the addon.
  3. screechout

    screechout Member

    Thanks for the reply! :)

    This is what it says in the stack trace:

    #0 /home/crewnetw/public_html/library/Zend/Db/Statement.php(115): Zend_Db_Statement_Mysqli->_prepare('insert into com...')
    #1 /home/crewnetw/public_html/library/Zend/Db/Adapter/Mysqli.php(381): Zend_Db_Statement->__construct(Object(Zend_Db_Adapter_Mysqli), 'insert into com...')
    #2 /home/crewnetw/public_html/library/Zend/Db/Adapter/Abstract.php(478): Zend_Db_Adapter_Mysqli->prepare('insert into com...')
    #3 /home/crewnetw/public_html/library/CometChat/Conversation.php(39): Zend_Db_Adapter_Abstract->query('insert into com...')
    #4 /home/crewnetw/public_html/library/XenForo/DataWriter.php(1409): CometChat_Conversation->_postSave()
    #5 /home/crewnetw/public_html/library/XenForo/DataWriter/ConversationMessage.php(155): XenForo_DataWriter->save()
    #6 /home/crewnetw/public_html/library/XenForo/DataWriter.php(1409): XenForo_DataWriter_ConversationMessage->_postSave()
    #7 /home/crewnetw/public_html/library/XenForo/ControllerPublic/Conversation.php(1130): XenForo_DataWriter->save()
    #8 /home/crewnetw/public_html/library/XenForo/FrontController.php(347): XenForo_ControllerPublic_Conversation->actionInsertReply()
    #9 /home/crewnetw/public_html/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
    #10 /home/crewnetw/public_html/index.php(13): XenForo_FrontController->run()
    #11 {main}
  4. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    I see 'CometChat'. That is the addon responsible. You should contact the author as the addon appears to be allowing for SQL injection which is a security concern.
    screechout likes this.
  5. screechout

    screechout Member

    I have a support ticket open with them now. Would you advise that I disable the add-on? You mention a security concern, and I don't want it to be able to affect my users or the forum :/

    Thanks for the advice also.
  6. Jake Bunce

    Jake Bunce XenForo Moderator Staff Member

    SQL injection is potentially horrible if a capable person wants to exploit it (read data loss). Disabling the addon might be advisable.

    I can't be sure it's SQL injection, but from the error message it looks like it.
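
Added example, not part of the thread and not CometChat's code: the failure pattern the error message points to (an apostrophe in message text ending a string literal inside a concatenated INSERT), next to the bound-parameter form that stores the same text unchanged. The table, columns, function names and sample values are hypothetical, and an in-memory SQLite database stands in for the forum's MySQL server.

```php
<?php
// Constructed demo: in-memory SQLite via PDO stands in for the forum's MySQL database.
// Table and column names are hypothetical, not the add-on's real schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE chat_messages (sender INTEGER, body TEXT, sent INTEGER)');

// Message text modelled on the fragment quoted in the error log (constructed values).
$body   = "I'm willing to help you out as much as possible!";
$sender = 42;
$sent   = 1435639000;

// Unsafe: user text is concatenated into the SQL string. The apostrophe in
// "I'm" closes the string literal early, so the database parses the rest of
// the message as SQL and rejects the statement with a syntax error.
function insertUnsafe(PDO $db, $sender, $body, $sent)
{
    $sql = "INSERT INTO chat_messages (sender, body, sent) VALUES ("
         . (int) $sender . ", '" . $body . "', " . (int) $sent . ")";
    return $db->exec($sql);
}

// Safe: placeholders keep the statement text and the data separate, so quotes
// in the message are stored as data. Zend_Db's query() takes bound values the
// same way: $db->query($sql, array($sender, $body, $sent)).
function insertSafe(PDO $db, $sender, $body, $sent)
{
    $stmt = $db->prepare(
        'INSERT INTO chat_messages (sender, body, sent) VALUES (?, ?, ?)'
    );
    $stmt->execute(array($sender, $body, $sent));
    return $stmt->rowCount();
}

try {
    insertUnsafe($db, $sender, $body, $sent);
    echo "unsafe insert succeeded\n";
} catch (PDOException $e) {
    echo "unsafe insert failed: ", $e->getMessage(), "\n";
}

echo "safe insert rows: ", insertSafe($db, $sender, $body, $sent), "\n";

// Confirm the stored text is byte-for-byte what the user typed.
$stored = $db->query('SELECT body FROM chat_messages')->fetchColumn();
echo "stored intact: ", ($stored === $body ? 'yes' : 'no'), "\n";
```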
