Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 3 years ago.
Improve this question
this error
2 errors were found during analysis.
This type of clause was previously parsed. (near "WHERE" at position 64)
Unrecognized statement type. (near "WHERE" at position 64)
SQL query: Documentation
SELECT * FROM helpdeskrequest
WHERE detail LIKE '%New PC%'
AND WHERE type='HW'
MySQL said: Documentation
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE type='HW'' at line 2
{SELECT * FROM helpdeskrequest
WHERE detail LIKE '%New PC%' AND WHERE type='HW'}
You don't need the double WHERE:
SELECT * FROM helpdeskrequest
WHERE detail LIKE '%New PC%' AND type='HW'
Related
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 2 years ago.
Improve this question
I don't have much experience with mySQL but I thought I knew the basics. However, I am clearly missing something. I am using a database that has 6 tables, I can look at 5 of them with no problem. I was looking for some values and I wasn't sure which exact table it was in so I typed in my mySQL 101 level statement- 'SELECT * FROM project', received the values, and saw that my target was not in there. So I next ran 'SELECT * FROM release' except that command does not work.
The MySQL Workbench underlines the word 'SELECT' and the tooltip message says- "select" is not valid at this position for this server version
When I attempt to run the command, I get Error Code: 1064. You have an error in your SQL syntax
So I tried deleting and rewriting, thinking it was some sort of bug but restarts and everything else I have tried is not helping and I have been unable to google anything relevant.
full command-
USE scorecarddb;
SHOW TABLES;
SELECT * FROM release;
but I usually just use the 1 line command run (aka I only run line 3 since I am already in the scorecard db). And I don't think it is an actual syntax error because if I change the word 'release' to 'project' or any of the other table names, it works
release might be a reserved keyword. Try using:
SELECT * FROM `release`;
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
I'm trying to write a query to delete a raw in a database. This is the query:
"delete from ombrellone where PosizioneX='"+i+"'AND PosizioneY='"+j+"')");
I don't know what I wrong. Anyone can help me?
The exception is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1
"delete from ombrellone where PosizioneX='" + i + "' AND PosizioneY = '" + j +"'";
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I'm trying to pull a simple count distinct from a table in MySQL. The query is the following:
select COUNT (DISTINCT column1) as distinctVol
from table1
The error I'm getting is below:
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'DISTINCT call_reference) as distinctVol
from dlr_calls_hist' at line 1 (State:37000, Native Code: 428)
I've already tried in various different ways, but I can try things again upon suggestions, to make sure it's not typo related.
I've also given it a go with an online SS to MySQL converter (I'm used to using SQL Server), which just spat back the same syntax.
Yes, I could potentially output data and import it into SQL Server, which is the final aim of my efforts, but first I would need to create the dataset as the entire db in MySQL is too large with quite a bit of unnecessary info - trying to keep the resource waste to minimum.
All ideas welcome, and thank you in advanZe!
In MySQL, when using aggregate functions, you can't have whitespace between the function name and the (. Change to:
SELECT COUNT(DISTINCT column1)
FROM table1
DEMO
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
Okay so basically I'm a little bit stumped. This question is regarding the JDBC driver. Basically we own a server that is hosted on this driver, and it's running MYSQL. We are using coldfusion as our language of choice. We have a GET parameter ?lang= and injecting the character '\' into it prompts the error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near and no other character causes this error. I am sort of worried here. Can anyone tell me how an attacker would approach an sql injection attack into this parameter? So I can understand how I can filter it because in my code I am properly filtering preg_match on \ character and yet I still get this error. How would I be able to inject this parameter? Can someone point me to a guide or something, or if it's even possible. Just so I can rest in piece assuming it's not. But anyhow if this information is necessary the mysql version is 5.1.30 and the exact driver name is MySQL-AB JDBC Driver. Thanks for taking your time to help me out!
\ can be an escape character in mysql.
For example, an attacker could use the \b sequence to delete portions of your query and rewrite with their own injected sql.
The most reliable way to prevent sql injection attacks is to use parametrized queries.
See also:
Mysql character escape sequences
Preventing Sql Injection in Java
Using prepared statements
Also be aware that in many databases (not absolutely sure about the JDBC/Mysql combination) it is also possible to "inject" a wildcard character into a sql LIKE clause, even with a parametrized query. "Injection" in this particular case is not always a problem - in fact, in many cases it may be exactly the desired behavior. However, it can be a problem, if for example, you were doing something horrid like SELECT * FROM Users WHERE UserName LIKE #userInput AND Password LIKE #passwordInput (which would allow anyone to log in simply by inputing the % wildcard character on the screen for both fields).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
Is there a SQL query that returns the schema of the current database? Like with columns "table", "name", "type", etc.
The platforms in question are MySQL, PostgreSQL, SQLite, and T-SQL.
The real RDBMS should all support an INFORMATION_SCHEMA set of views and tables. I think SQLite has its own take on things, but then it's a SQL library rather than a full RDBMS.
If you stick to the ANSI standard stuff your queries should be portable enough, but obviously you won't get details of the various platform-specfic features.
For MySQL, try SHOW TABLES; and DESCRIBE table_name;
For more info, check out http://dev.mysql.com/doc/refman/5.0/en/getting-information.html