Had a customer send this error in. I’m not able to replicate it at all, and an uninstall/reinstall solved it for the customer. Any ideas on this or even where to begin?
Without at least a part of the code, it is difficult to know.
Do you use database in your application?
Yes, we use Corona’s built-in sqlite implementation.
This could mean that you have a vector for sql injection. Are you using prepared statements and binding your variables?
I had considered that. I’m not using prepared statements, but also all the queries we run have zero user input. They are mostly hard coded statements and any variables aren’t altered by the end user. In addition, this user that emailed us definatley was not doing sql injection.
any variables aren’t altered by the end user
But they are altered by your code? I can’t be sure but my bet would be one or more of those variables ends up in a state that results in a query the SQL parser refuses.
I’m suggesting this, because it’s unlikely that you get syntax error from lua itself, unless you do some metaprograming.
Yes you’re probably right, thanks for the insight! We’ll review our SQL for any potential errors.