這個mysql錯誤是什麼意思？

Question

我得到以下錯誤：

1064 You have an error in your SQL syntax; check the manual that 
corresponds to your MySQL server version for the right syntax to use 
near 'AND `hackcount` >= 3' at line 1 SQL=SELECT COUNT(*) from 
`xxxxx_mi_iptable` WHERE ip = AND `hackcount` >= 3 

這是什麼意思？我應該怎麼做才能解決這個問題？

Answer 1

有你WHERE第一個錯誤：

WHERE ip = AND `hackcount` >= 3 

凡ip等於什麼，到底是什麼？你忘了在那裏投入價值。

Answer 2

看起來你使用的是Joomla插件「Marco的SQL注入」（http://www.mmleoni.net/sql-iniection-lfi-protection-plugin-for-joomla）。

它有嘗試檢測當前的客戶端

$remoteIP = $_SERVER['REMOTE_ADDR']; 

的IP，因爲REMOTE_ADDR並不總是存在/可靠/充分下面的SQL查詢

$sql = "SELECT COUNT(*) from `#__mi_iptable` WHERE ip = '{$remoteIP}' AND `hackcount` >= {$this->p_ipBlockCount}" ; 

失敗線。

插件應該使用類似這樣

if (isset($_SERVER['REMOTE_ADDR'])) 
{ 
$remoteIP = $_SERVER['REMOTE_ADDR']; 
} 
elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) 
{ 
$remoteIP = $_SERVER['HTTP_X_FORWARDED_FOR']; 
} 
elseif (isset($_SERVER['HTTP_CLIENT_IP'])) 
{ 
$remoteIP = $_SERVER['HTTP_CLIENT_IP']; 
}