You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@x/**/char(9);set/**/@x=0x303a303a330;waitfor/**/delay/**/@x--%' OR    LOWER(des' at line 1 SQL query : SELECT COUNT(DISTINCT p.productID) FROM SS_products p   where categoryID>1 and enabled=1 and  ( LOWER(name) LIKE '%�);declare/**/@x/**/char(9);set/**/@x=0x303a303a330;waitfor/**/delay/**/@x--%' /* OR    LOWER(product_code ) LIKE '%�);declare/**/@x/**/char(9);set/**/@x=0x303a303a330;waitfor/**/delay/**/@x--%' OR    LOWER(description) LIKE '%�);declare/**/@x/**/char(9);set/**/@x=0x303a303a330;waitfor/**/delay/**/@x--%' OR    LOWER(brief_description) LIKE '%�);declare/**/@x/**/char(9);set/**/@x=0x303a303a330;waitfor/**/delay/**/@x--%' */)