Shopify protection from SQL injection attempts?

Shopify protection from SQL injection attempts?

1 0 2

Hey Shopify community,

During my normal monitoring of my store, I noted some strange strings of text in the "some of your visitors can't find what they're looking for" widget over the past few days.

I don't have a lot of programming background, but to me these seem like they could be attempts at SQL injections to my store or some other sort of malicious intrusion attempt:

"0 xor if now sysdate sleep 12 0 xor z"

"if now sysdate sleep 12 0"

"1 waitfor delay 0 0 12"

We haven't noticed anything unusual and I would imagine Shopify has appropriately sanitized the inputs for customer-facing fields, but I wanted to reach out and see if this was something I need to be more concerned about. Thanks in advance to anyone with input on this!

Replies 5 (5)

1 0 0

Hi, which widget is that? Can you share related admin page link with me.

4 0 3

We're seeing the same thing. 

  • if now sysdate sleep 12 0
  • 0 xor if now sysdate sleep 12 0 xor z
  • 1 waitfor delay 0 0 12
3 0 0

I was just reading about it on reddit forums by accident. This seems to be probably some weak attack en masse. Shopify engineers for sure secured obvious things like that.

4 0 1

Hi Shopify Community!


Same thing happened in my store in the search widget. 

It appears like this " búsqueda waitfor delay 0 0 5" 


Do you know if this is an attack? Does my customer's data is protected?


Thank you for your answer. 

Shopify Partner
17 0 8


Did you get an answer about this issue? We are having the same issue, right now.


Does anyone know if this should be a concern and/or what we should do about it?