I'm working with JMeter to load test queries on a mySQL database (memsql server, mySQL syntax). I'm using a gui version of JMeter to create a test plan xml file and then go to another server and run that xml in non-gui mode.
I have two queries running, one that selects and one that inserts. Both queries use parameters taken from a csv file I made with a script.
My SELECT statement works just fine with parameters taken from a csv file but I run into syntax errors with my INSERT statement:
INSERT INTO customer_transactions_current (`column_name1`, ... , `column_name12`)
VALUES ((${r1},${r2},${r3},${r4},${r5},${r6},${r7},${r8},${r9},${r10},${r11},${r12}));
In the section of the query in the gui mode under 'CSV Data Set Config' I choose to delimit the data by ',' and the variable names are r1,..,r12.
Under the query itself I entered the parameter types and again the same names, just as I did for the working SELECT query.
When I run the query I run into a syntax error on the first column (which is of type datetime):
java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '19:00:00,75400492,936988,56,1115,5,2156,8,2,3,909,3))' at line 2
The dates I'm entering are of the form: '2018-11-2 20:00:00' and in the csv file they are present without apostrophes.
It seems that the syntax error has something to do with the date and in the position where it holds a space. I tried entering the STR_TO_DATE function for that column but kept getting syntax errors.
BUT when I try to take some values from the file and manually run the query it works fine! So my thoughts are that it has something to do JMeter's conversion of spaces before sending out the query.
Is the problem with my configurations of JMeter? Since the query is OK manually.
Add apostrophes to insert and remove unnecessary parenthesis
INSERT INTO customer_transactions_current ('column_name1', ... , 'column_name12')
VALUES ('${r1}','${r2}','${r3}','${r4}','${r5}','${r6}','${r7}','${r8}','${r9}','${r10}','${r11}','${r12}');
If you have date issue see using STR_TO_DATE
Related
I am new to MySQL and I am building a Flask project and using mysql.connector to query a MySQL Database. I know this question has been answered many times before but this is more specific to using MySQL with Flask.
I need to pass a query where I want to plug in the table name into the query, dynamically, depending on the value stored in the session variable in Flask. But the problem is, if I try to do:
Method 1:
cur.execute('SELECT * FROM %s;',(session['table_name'],))
the database throws an error stating that such a table is not found. However, the problem is mysql.connector keeps enclosing the table name with single quotes, hence the error.
Sample Error Statement:
mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''52_data'' at line 1
Here the table name should be 52_data and not '52_data'.
Only other workaround, I figured, is using:
Method 2:
cur.execute('SELECT * FROM '+session['table_name']+';')
which is working but it does not escape SQL Injection, I am guessing, since it's direct concatenation, unlike Method 1, where the cur.execute() function handles the escaping, as per this question.
The value being passed is stored in a sessions variable in Flask, which is not so secure, as per Miguel's Video. Hence, I want to escape that string, without triggering off an error.
Is it possible to implement Method 1 in a way that it does not add the quotes, or maybe escape the string using some function? Or maybe any other Python/Flask package that can handle this problem better?
Or if nothing works, is checking for SQL Injection manually using regex is a wiser option?
Thanks in advance.
Note: The package name for this mysql.connector is mysql-connector-python and not any other same sounding package.
For identifiers, you can use something like:
table_name = conn.converter.escape(session['table_name'])
cur.execute('SELECT * FROM `{}`'.format(table_name))
For values placeholders, you can use your Method 1, by using the parameters in the cur.execute() method. They will be escaped and quoted.
More details in https://dev.mysql.com/doc/connector-python/en/connector-python-api-mysqlcursor-execute.html
NOTE: You don't need to end the SQL statements with ;
I can get backup file for mysql database using php and every thing gone nice , but when I trying to restore this backup file I have mysqli error
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO radpostauth VALUES ('289','ah','ah','Access-Accept','2017-08-14 10:' at line 7
in other hand when I take the query which is writed into the file and past it in php my admin directly it executed without any error I am sure that the query is right
I have 3 empty line between every insert query when I run the file the first insert query is executed but the error is show when want to execute the second insert query
INSERT INTO radcheck VALUES ('1229','ah','Cleartext-Password',':=','ah','','','','','','','','');
INSERT INTO radpostauth VALUES ('289','ah','ah','Access-Accept','2017-08-14 10:04:22'), ('290','muh','asdfghjkl','Access-Accept','2017-08-14 10:05:30'), ('291','sda','sad','Access-Accept','2017-08-14 11:21:48'), ('292','sda','sad','Access-Accept','2017-08-14 11:55:40'), ('293','sda','sad','Access-Accept','2017-08-14 11:59:03'), ('294','sda','sad','Access-Accept','2017-08-14 12:52:58'), ('295','sda','sad','Access-Accept','2017-08-14 13:41:41'), ('296','sda','sad','Access-Accept','2017-08-14 14:50:40'), ('297','sda','sad','Access-Accept','2017-08-15 09:45:40'), ('298','ah','ah','Access-Accept','2017-08-16 12:52:09'), ('299','ah','ah','Access-Accept','2017-08-17 09:19:53');
why I have this wrong
Try using mysqli::multi_query() instead of mysqli::query(). It allows the execution of multiple queries at once.
Trying to relocate a Wordpress DB and are running in to this issue all the time.
Been trying all the normal stuff to get it working optimizing, repairing etc and also try to import it with several tools (Sequel pro etc ) and over ssh.
Have the issue occurring over several tables and can see that other's have had the same. Because i can't import any copy i would need some expertise advice how to solve this either in phpmyadmin or ssh.
Error message is
#mysql -u -p db < /tmp/file.sql
> ERROR 1064 (42000) at line 109088: You have an error in your SQL
> syntax; check the manual that corresponds to your MySQL server version
> for the right syntax to use near '<!
> <div class="error"><h1>Error</h1> <p><strong>SQL query:</strong> <a href=' at line 1
Don't really know how to approach it because i find this all over the DB
like
<image:caption><![CDATA
Any advice?
Since "all the normal stuff" isn't working...
I'm going to take a guess, you are a running something to "copy" the contents of a database table, or you're doing some sort of "dump" or "export" that creates SQL statements.
And the SQL statements that are running against the target are throwing an error.
We can't tell (from where we're sitting and what we're seeing) what it is you are actually doing, we're just guessing.
The two most likely possibilities:
Whatever tool you are using isn't expecting that the column values being copied might contain values that need to be "escaped" if that value is incorporated in the text of a SQL statement. For example, suppose I have a column value like this:
I'd like a pony
and If I grab that value and I naively stick that into the text of a SQL statement, without regard for any characters it might contain, e.g.
INSERT INTO foo (bar) VALUES ('I'd like a pony');
If I try to execute that statement, MySQL is going to throw a syntax error. MySQL is going to see a string literal with a value of 'I' (the single quote that is part of the string is now being seen as the end of the string literal. MySQL is going to flag a syntax error on what follows d like a pony.
When we take a value and build a SQL statement from it, we have to properly escape the values. In this example, the insert statement to reproduce that string value could look like this:
INSERT INTO foo (bar) VALUES ('I''d like a pony');
^^
If this is what's happening, you can be thankful that the column values didn't include something more nefarious...
Robert'); DROP TABLE students; --
But without seeing the actual SQL statement that is being executed, this is just a guess at what is causing the issue.
Is there some kind of guide or some instructions that you are following to "relocate a Wordpress DB" which documents "all the normal stuff" that you are doing?
FOLLOWUP
Question was edited to add this information:
mysql -u -p db < /tmp/file.sql
What's important here is the contents of file.sql.
The problem is most likely in the part of "all the normal stuff" is producing that file. That part is effectively broken because it's not expecting that an extracted column value can contain a single quote character, and is not properly escaping the value before it's incorporated into the text of a SQL INSERT statement.
I'm using the SQL window in phpMyAdmin (3.5.7) to insert rows into a MySql table, but am having problems with the syntax checker. It's running on Windows Server 2003.
If I click the "INSERT" button to generate a template, then overtype the values in the template, there is no problem. However I because I need to populate a large number of rows I have auto-generated INSERT statements using Excel, pasted them into a text editor, and then pasted them into the same phpMyAdmin SQL window. The results are baffling...
The statement below (generated using Excel/text editor/copy&paste) gives an error:
#1064 - You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ''timeslot' ('slot_no', 'slot_starttime') VALUES (3,'00:30')' at
line 1
INSERT INTO 'timeslot' ('slot_no', 'slot_starttime') VALUES (2,'00:15')
The statement below is fine however (it was constructed by clicking the INSERT button on the SQL window then over-typing the text in the template:
INSERT INTO `timeslot`(`slot_no`, `slot_starttime`) VALUES (2,'00:15')
I have copied and pasted both statements into this post directly from the phpMyAdmin window. They look pretty much the same to me, so I can't understand why the first one fails.
???
If you have pasted the results directly as you say, there is a syntax error.
In MYSQL you cannot enclose field or table names using the apostrophe sign. Rather you've got to use the BACK-QUOTE (on the tilde key)
So the following is WRONG:
INSERT INTO 'timeslot' ('slot_no', 'slot_starttime') VALUES (2,'00:15')
And the folowing is CORRECT:
INSERT INTO `timeslot` (`slot_no`, `slot_starttime`) VALUES (2,'00:15')
And even the following is CORRECT (without the back-quotes):
INSERT INTO timeslot (slot_no, slot_starttime) VALUES (2,'00:15')
The common single quote (') is used only for VALUES in an SQL statement.
On the Linux command line I call this script via the mysql terminal using source...
--First insert new template types
insert into TemplateType(id,name,size)
values (10,'Feature Sheet','8.5x11 ss');
insert into TemplateType(id,name,size)
values (11,'Feature Sheet','8.5x11 ds');
insert into TemplateType(id,name,size)
values (12,'Feature Sheet','11x17');
When I do I get an error saying my sql syntax is invalid. Is this not the correct way to comment an sql file?
Apparently you need whitespace after the -- or use a # instead....
http://dev.mysql.com/doc/refman/5.0/en/comments.html