What does this mysql error means? - mysql

I get the following error:
1064 You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'AND `hackcount` >= 3' at line 1 SQL=SELECT COUNT(*) from
`xxxxx_mi_iptable` WHERE ip = AND `hackcount` >= 3
What does this mean? What should I do to fix this?

There's an error in your WHERE clause:
WHERE ip = AND `hackcount` >= 3
Where ip equals what, exactly? You forgot to put a value there.

Looks like you're using Joomla plugin "Marco's SQL Injection" (http://www.mmleoni.net/sql-iniection-lfi-protection-plugin-for-joomla).
It has a line that tries to detect the IP of the current client
$remoteIP = $_SERVER['REMOTE_ADDR'];
Because REMOTE_ADDR is not always present/reliable/sufficient the following SQL query
$sql = "SELECT COUNT(*) from `#__mi_iptable` WHERE ip = '{$remoteIP}' AND `hackcount` >= {$this->p_ipBlockCount}" ;
fails.
the plugin should use something like this
if (isset($_SERVER['REMOTE_ADDR']))
{
$remoteIP = $_SERVER['REMOTE_ADDR'];
}
elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
{
$remoteIP = $_SERVER['HTTP_X_FORWARDED_FOR'];
}
elseif (isset($_SERVER['HTTP_CLIENT_IP']))
{
$remoteIP = $_SERVER['HTTP_CLIENT_IP'];
}

Related

Inserting CSV File into MYSQL DB via Windows Powershell

I'm trying to fill my db with a csv file via windows powershell and I'm getting following error:
Ausnahme beim Aufrufen von "ExecuteNonQuery" mit 0 Argument(en): "ERROR [42000] [MySQL][ODBC 8.0(a) Driver][mysqld-8.0.29]You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near '{Filiale=0; Jahr=2010; Auftrag_Monat=9; Auftrag_Woche=38; LE_Jahr=0; LE_Monat=0;' at line 1"
In C:\PowerSSkripte\CSV Insert.ps1:28 Zeichen:5
+$stmt.ExecuteNonQuery()
This is my code:
$Conn = new-Object System.Data.Odbc.OdbcConnection
$Conn.ConnectionString = "DB-Connection"
$Conn.Open()
$query = "DELETE FROM akustik"
$stmt = New-Object System.Data.Odbc.OdbcCommand($query,$Conn)
$stmt.ExecuteNonQuery()
The delete is working as intended!
Now I'm trying to insert the csv into my db:
$data = Import-Csv C:\TextExport\Akustik.csv
$query = "INSERT INTO akustik (Filiale, Jahr, Auftrag_Monat, Auftrag_Woche, LE_Jahr, LE_Monat, LE_Woche, Anzahl, Anzahl0, Umsatz) VALUES ($row.Filiale, $row.Jahr, $row.Auftrag_Monat, $row.Auftrag_Woche, $row.LE_Jahr, $row.LE_Monat, $row.LE_Woche, $row.Anzahl, $row.Anzahl0, $row.Umsatz)"
$stmt = New-Object System.Data.Odbc.OdbcCommand($query,$Conn)
foreach($row in $data[0]){ #for testing i want only to insert the first row of my csv so im using data[0]
$stmt.ExecuteNonQuery()
}
I'm getting following error.
error:
Ausnahme beim Aufrufen von "ExecuteNonQuery" mit 0 Argument(en):
"ERROR [42000] [MySQL][ODBC 8.0(a) Driver][mysqld-8.0.29]You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near '{Filiale=0; Jahr=2010; Auftrag_Monat=9; Auftrag_Woche=38; LE_Jahr=0; LE_Monat=0;' at line 1"
In C:\PowerSSkripte\CSV Insert.ps1:28 Zeichen:5
$stmt.ExecuteNonQuery()
row 28 is: $stmt.ExecuteNonQuery() the syntax should be fine cause its the same when I'm inserting sth. into my db via MYSQL Workbench.
When I'm changing my insert statement to:
$query = "INSERT INTO akustik (Filiale, Jahr, Auftrag_Monat, Auftrag_Woche, LE_Jahr, LE_Monat, LE_Woche, Anzahl, Anzahl0, Umsatz) VALUES (99, 3002, 12, 12, 3002, 12, 12, 12, 12, 250000.000)"
everything is working fine....
I hope somebody can help me to fix this little issue.
Thanks in advance.
Greetings littleStudent

Saving dbplyr query (tbl_sql object) to MySQL without saving data locally

This question expands on this question
Here, I'm using the custom function created by #Simon.S.A. shown in the answer to this question. I'm attempting to save a tbl_sql object in R to MySQL as a new table without first saving it locally. Here, the database and schema in my MySQL are named "test." The tbl_sql object in R is my_data, and I want to save this is a new table in MySQL labeled "car_data".
library(DBI)
library(tidyverse)
library(dbplyr)
#establish connection and import data from MySQL
con <- DBI::dbConnect(RMariaDB::MariaDB(),
dbname = "test",
host = "127.0.0.1",
user = "user",
password = "password")
my_data <- tbl(con, "mtcars")
my_data <- my_data %>% filter(mpg >= 22)
# write function to save tbl_sql as a new table in SQL
write_to_database <- function(input_tbl, db, schema, tbl_name){
# connection
tbl_connection <- input_tbl$src$con
# SQL query
sql_query <- glue::glue(
"SELECT *\n",
"INTO {db}.{schema}.{tbl_name}\n",
"FROM (\n",
dbplyr::sql_render(input_tbl),
"\n) AS sub_query"
)
result <- dbExecute(tbl_connection, as.character(sql_query))
}
# execute function
write_to_database(my_data, "test", "test", "car_data")
After running final line, I get the following error. I'm not sure how I can fix this.
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.test.car_data
FROM (
SELECT *
FROM `mtcars`
WHERE (`mpg` >= 22.0)
) AS sub_quer' at line 2 [1064]
12.
stop(structure(list(message = "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.test.car_data\nFROM (\nSELECT *\nFROM `mtcars`\nWHERE (`mpg` >= 22.0)\n) AS sub_quer' at line 2 [1064]",
call = NULL, cppstack = NULL), class = c("Rcpp::exception",
"C++Error", "error", "condition")))
11.
result_create(conn#ptr, statement, is_statement)
10.
initialize(value, ...)
9.
initialize(value, ...)
8.
new("MariaDBResult", sql = statement, ptr = result_create(conn#ptr,
statement, is_statement), bigint = conn#bigint, conn = conn)
7.
dbSend(conn, statement, params, is_statement = TRUE)
6.
.local(conn, statement, ...)
5.
dbSendStatement(conn, statement, ...)
4.
dbSendStatement(conn, statement, ...)
3.
dbExecute(tbl_connection, as.character(sql_query))
2.
dbExecute(tbl_connection, as.character(sql_query))
1.
write_to_database(my_data, "test", "test", "car_data")
Creating a table with INTO command is an SQL Server (even MS Access) specific syntax and not supported in MySQL. Instead, consider the counterpart statement: CREATE TABLE...SELECT. Also, schema differs between RDBMS's. For MySQL, database is synonymous to schema.
Therefore, consider adjusted version of SQL build:
sql_query <- glue::glue(
"CREATE TABLE {db}.{tbl_name}\n AS \n",
"SELECT * \n",
"FROM (\n",
dbplyr::sql_render(input_tbl),
"\n) AS sub_query"
)

Error While formating a mysql statement which includes a regular expression

Am trying to retrieve data from a Mysql table i get an error while applying string formatting techniques
First try, results an error
1.service= "Dynamic value"
st="SELECT Name FROM servicetable WHERE hsubservices={0} and Contact REGEXP '[A-Z]{2}|Texas|\s[0-9]{5}'".format(service)
The error which occured here is Index out of range for tuple , yes i get it the '{}' in regular expression are being considered as values of tuple
service="Dynamic Value"
error=mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Value and Contact REGEXP '[A-Z]{2}|Texas|\s[0-9]{5}''
st="SELECT DoctorsName FROM dev_healthservices WHERE hsubservices= %s and Contact REGEXP '[A-Z]{2}|Texas|\s[0-9]{5}'"%(service)
mydb=mysql.connector.connect(
host = "",
user = "",
passwd = "",
database = ""
)
mycursor=mydb.cursor()
mycursor.execute(st)

SQL % statement in python returns error

I created 5 tables in mysql workbench 5.7 in which I will pull data from APIgraph queries for a given facebook page.
However, when I run the code, it throws an error:
ProgrammingError: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%s, %s)' at line 1
Here is the part of the code which I think contains the error :
#create connection to db
connection = connect_db()
cursor = connection.cursor()
#SQL request for inserting the date of the page into the database
insert_page = ("INSERT INTO page"
"(fb_id, name)"
"VALUES (%s, %s)")
insert_posts = ("INSERT INTO posts "
"(page_id, fb_post_id, message, time_created)"
"VALUES (%s, %s, %s, %s)")
And I finally put the data at the end of the code:
cursor.execute(insert_page, json_pageiddata)
Any ideas? Thanks for helping
EDIT: here is my json_pageiddtata variable, obtained from a URL query with APIgraph:
pageid_url = create_pageid_url(current_page, APP_ID, APP_SECRET)
json_pageiddata = render_to_json(pageid_url)
print json_pageiddata["name"], json_pageiddata["id"]
If you are using data as dictionary u need to specify index name, try to use %(name)s.

Doctrine2 Criteria() generate wrong MySQL query

when I use \Doctrine\Common\Collections\Criteria::create()
use Doctrine\Common\Collections\Criteria;
...
$criteria = Criteria::create();
$criteria->where(Criteria::expr()->eq('isPublished', 1))
->andWhere(Criteria::expr()->eq('isDeleted', 0));
$this->comments->matching($criteria)
and I getting error:
Message:
An exception occurred while executing 'SELECT t0.id AS id1, t0.rating AS rating2, t0.text AS text3, t0.username AS username4, t0.isPublished AS isPublished5, t0.isDeleted AS isDeleted6, t0.dateCreated AS dateCreated7, t0.userIP AS userIP8, t0.user_id AS user_id9, t0.product_id AS product_id10 FROM product_comments t0 WHERE ((t0.isPublished IS ? AND t0.isDeleted IS ?) AND t0.product_id IS ?)' with params {"1":1,"2":0,"3":1123}:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1 AND t0.isDeleted IS 0) AND t0.product_id*IS 1123)' at line 1
The problem is operand 'IS' in where clausule. It is not MySQL operand. (If I paste this query to MySQL terminal, and change "IS" => "=" - is all right)
Why Doctrine genetate such query? Where is the problem?
I solved changing line 91 of Doctrine\ORM\Persisters\BasicEntityPersister
from
Comparison::IS => 'IS %s',
to
Comparison::IS => '= %s',
This is a bug in doctrine fixed by upgrading Doctrine ORM to 2.3.5 or later.
Bug report at http://www.doctrine-project.org/jira/browse/DDC-2471
More discussion on the problem at
https://github.com/doctrine/collections/commit/3db3ab843ff76774bee4679d4cb3a10cffb0a935#diff-757942c669bf6be9910786b2558ad745
Try replacing
expr()->eq('isPublished', 1) and expr()->eq('isPublished', 0) with
expr()->eq('isPublished', '?1')
expr()->eq('isPublished', '?0')