XF 1.4 User unable to send message, server error log

Hi,

one of the users on my forum can't send messages or reply to them, below is the error that I have in my error logs, anyone know what this could be? thanks :)

Zend_Db_Statement_Mysqli_Exception: Mysqli prepare error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'm willing to help you out as much as possible! Your doing a great job!','1435639' at line 1 - library/Zend/Db/Statement/Mysqli.php:77
 
Can you post the full stack trace of the error from the log?

Admin CP -> Tools -> Server Error Log

It looks like it may be unescaped user input which is very likely to be from an addon. The stack trace might identify the addon.
 
Can you post the full stack trace of the error from the log?

Admin CP -> Tools -> Server Error Log

It looks like it may be unescaped user input which is very likely to be from an addon. The stack trace might identify the addon.

Thanks for the reply! :)

This is what it says in stack trace

#0 /home/crewnetw/public_html/library/Zend/Db/Statement.php(115): Zend_Db_Statement_Mysqli->_prepare('insert into com...')
#1 /home/crewnetw/public_html/library/Zend/Db/Adapter/Mysqli.php(381): Zend_Db_Statement->__construct(Object(Zend_Db_Adapter_Mysqli), 'insert into com...')
#2 /home/crewnetw/public_html/library/Zend/Db/Adapter/Abstract.php(478): Zend_Db_Adapter_Mysqli->prepare('insert into com...')
#3 /home/crewnetw/public_html/library/CometChat/Conversation.php(39): Zend_Db_Adapter_Abstract->query('insert into com...')
#4 /home/crewnetw/public_html/library/XenForo/DataWriter.php(1409): CometChat_Conversation->_postSave()
#5 /home/crewnetw/public_html/library/XenForo/DataWriter/ConversationMessage.php(155): XenForo_DataWriter->save()
#6 /home/crewnetw/public_html/library/XenForo/DataWriter.php(1409): XenForo_DataWriter_ConversationMessage->_postSave()
#7 /home/crewnetw/public_html/library/XenForo/ControllerPublic/Conversation.php(1130): XenForo_DataWriter->save()
#8 /home/crewnetw/public_html/library/XenForo/FrontController.php(347): XenForo_ControllerPublic_Conversation->actionInsertReply()
#9 /home/crewnetw/public_html/library/XenForo/FrontController.php(134): XenForo_FrontController->dispatch(Object(XenForo_RouteMatch))
#10 /home/crewnetw/public_html/index.php(13): XenForo_FrontController->run()
#11 {main}
 
I have a support ticket open with them now, would you advise that I disable the add on? as you mention a security concern and I don't want it to be able to affect my users or the forum :/

Thanks for the advice also
 
I have a support ticket open with them now, would you advise that I disable the add on? as you mention a security concern and I don't want it to be able to affect my users or the forum :/

Thanks for the advice also

SQL injection is potentially horrible if a capable person wants to exploit it (read data loss). Disabling the addon might be advisable.

I can't be sure it's SQL injection, but from the error message it looks like it.
 
Top Bottom