SQL Statments in server.log - How?


Looks like something related to PayPal. Do you use PayPal in your app?

Yes - but its not in use and the fields in the sql statement are not used in my app. I'm concerned that it could be an sql injection attempt. Although I can't find anything in the other logs that correspond.

I see that you've edited out the server log information from your original post, but I've checked the logs in our admin interface. The stuff that is written to the server log is anything that your code (or the libraries that your code uses) prints out to the standard output stream. So it's unlikely to be a SQL injection attempt unless you're printing out stuff that is coming in requests made to your site. If you don't recognise it, perhaps one of the modules you're using is configured for some kind of verbose logging to stdout?