I can not figure out (not sure what the error codes mean) what is wrong with the below SQL statement and I do not have enough experience to troubleshoot it. Thank you :).
UPDATE `dbo.Custom_PrimerSet`
SET `Hyperlink` = replace(Hyperlink, 'xxxx', 'pxlence')
Error
Error in table name or view name in UPDATE clause.
Error in set list in UPDATE clause.
Incomplete SET clause.
Unable to parse query text.
You use both Hyperlink and 'Hyperlink'. If you make those consistent and correct does it work out better?
Correct in this case being to omit the quote in the update statement. At least that's what works for me in a sqlfiddle.
I am testing out a blind boolean SQL injection endpoint in a course and am having some issues figuring out where my payload is going wrong.
I have tested the below in the mysql shell on the target box and it works.
GRANT/**/ALL/**/ON/**/*.*/**/TO/**/root#localhost;
But when I submit it in the q GET param I am getting an error in the application.
php?q=off')/**/or/**/GRANT/**/ALL/**/ON/**/*.*/**/TO/**/root#localhost%23
I tested a basic boolean statement with '1'='1' instead and it works fine so I am assuming there is something wrong with my actual query in the context of the URL.
q=off')/**/or/**/'1'='1'%23
I have tried the payload url encoded as well but still with the same issues.
Any idea what might be causing this?
Using SQL injection to combine a partial expression like OR '1'='1' as part of some other query works because there are many ways to append extra expression syntax to an existing SQL query that already has a WHERE clause.
For example, it's easy to see in the below example how the additional expression can be appended to the first query, and it's still a legal expression.
SELECT * FROM mytable WHERE col1 = 'off'
SELECT * FROM mytable WHERE col1 = 'off' OR '1'='1' -- '
But GRANT is a statement on its own. It cannot be appended to another query like that. There's no way to combine GRANT with a SELECT statement.
SELECT * FROM mytable WHERE col1 = 'off' OR GRANT ALL ON *.* TO ...
That's just not a legal SQL query. You can study the online syntax reference for SELECT and other types of statements.
SQL injection works by tricking the app into executing one SQL statement with different syntax than the original intended SQL statement. But it can't make invalid syntax work!
MySQL gives me syntax error for a simple query but I don't see any error. If you guys find any please help.
insert into cast(sid,celeb_id,type,name,prior)
values(30,1,1,'James Keziah Delaney',2)
It gives sql syntax error near cast.
The main cause of this error is that there is a function Cast in mysql.
It looks like a call to the cast() function.
You can choose one of the solutions to solve it.
Add ` around the cast table name, so it looks like this.
insert into `cast`(sid,celeb_id,type,name,prior) values(30,1,1,'James Keziah Delaney',2)
sqlfiddle
Add a space between cast and ( to let MySQL know you didn't want to execute the Cast method. Thanks to @Barmar for the reminder.
Note:
I would suggest you don't name the table after a keyword or function name.
You can't insert into cast(). It requires a list of column names.
I keep getting this error for an insert into ... update query, the problem, this column 'str' does not exist in the table being updated, or any of the tables I'm pulling data from, and it's not in the query.
Error Code: 1406. Data too long for column 'str' at row 215710
I'm totally stumped here. Is this a mysql bug? I went as far as to isolate the query to just one column, still got this error.
UPDATE 1:
I just tried updating with a manual value, on one column only set to longtext. I'm still getting the exact same error.
UPDATE 2:
Major update, I isolated the problem down to the select query, the original error implied a table column, however, it seems to be pointing to what I assume is some kind of temp table column for the following row. When I yanked this out of the query, it worked. Ironically, this is the same column I did my one column test with where I manually entered a value in the update on duplicate key part of my query.
CONCAT_WS('', UC_Words(`name`), ' | ', UC_Words(`city`), ' ', UC_Words(`state`), ' ', UC_Words(`country`), CONCAT('|---|',`name-key`)) AS `owner-data`
I'm currently using lots of GROUP_CONCAT's, but I have already adjusted the length. Is there a parameter for CONCAT_WS length? NOTE: UC_Words is a custom function. This could possibly be a culprit, still need to test it...
UPDATE 3:
The error appears to be a result of the UC_Words function. The 'str' is the name field in that function. Type was set to VARCHAR 255, which was too short.
MySQL will truncate any insert value that exceeds the specified column width.
To make this work without error, try switching your MySQL mode to not use STRICT.
EDIT:
To change the mode
This can be done in two ways:
Open your "my.ini" file within the MySQL installation directory, and look for the text "sql-mode".
Find:
Code:
# Set the SQL mode to strict
sql-mode="STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
Replace with:
Code:
# Set the SQL mode to strict
sql-mode="NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
Or
You can run an SQL query within your database management tool, such as phpMyAdmin:
Code:
SET @@global.sql_mode= '';
Trying to relocate a Wordpress DB and am running into this issue all the time.
Been trying all the normal stuff to get it working, optimizing, repairing etc., and also tried to import it with several tools (Sequel Pro etc.) and over ssh.
Have the issue occurring over several tables and can see that others have had the same. Because I can't import any copy I would need some expert advice on how to solve this, either in phpmyadmin or ssh.
Error message is
#mysql -u -p db < /tmp/file.sql
> ERROR 1064 (42000) at line 109088: You have an error in your SQL
> syntax; check the manual that corresponds to your MySQL server version
> for the right syntax to use near '<!
> <div class="error"><h1>Error</h1> <p><strong>SQL query:</strong> <a href=' at line 1
Don't really know how to approach it because i find this all over the DB
like
<image:caption><![CDATA
Any advice?
Since "all the normal stuff" isn't working...
I'm going to take a guess: you are running something to "copy" the contents of a database table, or you're doing some sort of "dump" or "export" that creates SQL statements.
And the SQL statements that are running against the target are throwing an error.
We can't tell (from where we're sitting and what we're seeing) what it is you are actually doing, we're just guessing.
The two most likely possibilities:
Whatever tool you are using isn't expecting that the column values being copied might contain values that need to be "escaped" if that value is incorporated in the text of a SQL statement. For example, suppose I have a column value like this:
I'd like a pony
and if I grab that value and I naively stick that into the text of a SQL statement, without regard for any characters it might contain, e.g.
INSERT INTO foo (bar) VALUES ('I'd like a pony');
If I try to execute that statement, MySQL is going to throw a syntax error. MySQL is going to see a string literal with a value of 'I' (the single quote that is part of the string is now being seen as the end of the string literal). MySQL is going to flag a syntax error on what follows: d like a pony.
When we take a value and build a SQL statement from it, we have to properly escape the values. In this example, the insert statement to reproduce that string value could look like this:
INSERT INTO foo (bar) VALUES ('I''d like a pony');
                                ^^
If this is what's happening, you can be thankful that the column values didn't include something more nefarious...
Robert'); DROP TABLE students; --
But without seeing the actual SQL statement that is being executed, this is just a guess at what is causing the issue.
Is there some kind of guide or some instructions that you are following to "relocate a Wordpress DB" which documents "all the normal stuff" that you are doing?
FOLLOWUP
Question was edited to add this information:
mysql -u -p db < /tmp/file.sql
What's important here is the contents of file.sql.
The problem is most likely in the part of "all the normal stuff" that is producing that file. That part is effectively broken because it's not expecting that an extracted column value can contain a single quote character, and is not properly escaping the value before it's incorporated into the text of a SQL INSERT statement.
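Added example, not part of the answer above and not the poster's export tool: a small dump writer in its broken and fixed forms, replayed into an in-memory SQLite database to show which statements the importer rejects. The table foo(bar) follows the answer's example; the sample rows and the function names are constructed for this illustration, and SQLite stands in for MySQL because both accept the standard doubled-quote escape.

```python
import sqlite3

# Constructed sample column values (not taken from the poster's database).
ROWS = [
    "I'd like a pony",
    "<p class='note'>it's done</p>",
    "Robert'); DROP TABLE students; --",
]

def naive_dump(rows):
    """The broken export: paste each raw value between single quotes."""
    return ["INSERT INTO foo (bar) VALUES ('%s');" % v for v in rows]

def quote_literal(value):
    """Standard SQL string literal: double every embedded single quote."""
    return "'" + value.replace("'", "''") + "'"

def escaped_dump(rows):
    """The working export: every value goes through quote_literal()."""
    return ["INSERT INTO foo (bar) VALUES (%s);" % quote_literal(v) for v in rows]

def replay(statements):
    """Import a dump into a fresh database, one statement per execute().

    Returns (values restored into foo, number of statements rejected).
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foo (bar TEXT)")
    rejected = 0
    for stmt in statements:
        try:
            db.execute(stmt)
        except (sqlite3.Error, sqlite3.Warning):
            # Syntax error, or more than one statement in the text;
            # sqlite3's execute() refuses the latter outright.
            rejected += 1
    restored = [row[0] for row in db.execute("SELECT bar FROM foo ORDER BY rowid")]
    db.close()
    return restored, rejected

if __name__ == "__main__":
    print("naive  :", replay(naive_dump(ROWS)))
    print("escaped:", replay(escaped_dump(ROWS)))
```

MySQL in its default sql_mode also treats backslash as an escape character inside string literals, so a dump writer targeting MySQL has to escape backslashes as well; mysqldump does this for you.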
I need this query for testing exception handling, so I would prefer that the query is not schema dependent. I am looking for something like SELECT 1; but of course that doesn't fail.
I am using Java and MySQL but I hope to find answers that don't depend on programming languages and/or RDBMSs.
What about "SELECT 1/0" for starters?
You could put an invalid token into the query
select doesnotexist.* from something_else
Or of course, what you should do is mock out the method and have it throw the exception during your test.
There are tons of ways to make a query fail, like misspelling a field, or selecting from non-existing tables. For example:
SELECT some_fake_field FROM table_that_doesnt_exists
One way to trigger a failure is to call a stored procedure with the wrong number of parameters. Another similar idea is to write an update/insert statement with the wrong number of arguments...
More ideas here:
How to raise an error within a MySQL function
Any old syntax error will do... like an unterminated string
select 'bob
To get 1/0 to raise an error in MySQL, you need to set sql_mode to ERROR_FOR_DIVISION_BY_ZERO.
Try this:
SET sql_mode = 'ERROR_FOR_DIVISION_BY_ZERO';
SELECT 1/0;
If this sql_mode isn't set, MySQL will return a NULL instead of an error.
You can check what your current settings are with the following:
SELECT @@GLOBAL.sql_mode;
SELECT @@SESSION.sql_mode;