Shopify protection from SQL injection attempts?

jordancrawford · ‎12-04-2020

Hey Shopify community,

During my normal monitoring of my store, I noted some strange strings of text in the "some of your visitors can't find what they're looking for" widget over the past few days.

I don't have a lot of programming background, but to me these seem like they could be attempts at SQL injections to my store or some other sort of malicious intrusion attempt:

"0 xor if now sysdate sleep 12 0 xor z"

"if now sysdate sleep 12 0"

"1 waitfor delay 0 0 12"

We haven't noticed anything unusual and I would imagine Shopify has appropriately sanitized the inputs for customer-facing fields, but I wanted to reach out and see if this was something I need to be more concerned about. Thanks in advance to anyone with input on this!

luc1d · ‎12-05-2020

Hi, which widget is that? Can you share related admin page link with me.

Shopify protection from SQL injection attempts?

A Purpose-Driven Marketplace

Best theme for selling courses

Set minimum product price

Orders not showing up

How to change Delivery to pick up

Re: Is it possible not to send customer an email when creating Draft orders?

A Purpose-Driven Marketplace

Re: Verifying my account with ID or SSN at 17

Best theme for selling courses

Re: Shopify Store Closed For 6 or More Days After Choosing a Payment Plan