When you have some syntactical error in a query you will be a error message like:
SQL Error (1064): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'foo' at line 1 */
Such error message does not provide useful hint to resolve error, e.g. what it expects at that line.
Is there any config to improve the MySQL error reporting?
What about other RDBMS (PostgreSQL, Oracle, MS SQL Server)?
Do they generate better error messages?
PostgreSQL's error messages are generally quite useful.
craig=> SELECT abc FROM no_such_table HAVING blah WHERE nonense GARBAGE;
ERROR: syntax error at or near "WHERE"
LINE 1: SELECT abc FROM no_such_table HAVING blah WHERE nonense GARB...
^
It doesn't say Syntax error near WHERE; HINT: WHERE clause may not appear after HAVING... which would be nice, but turns out to be a bit tricky to do with the parser. Nonetheless, it tells you where the error is.
It can often be more specific than this, too, it depends on the nature of the error.
Using SQL fiddle I executed following query on some RDBMS.
select foo from
Only Oracle 11g returned a smart error message:
ORA-00903: invalid table name : select foo from
Other error messages:
# SQL Server 2008
Incorrect syntax near 'from'.: select foo from
#SQLite
could not prepare statement (1 near "from": syntax error)
#PostgreSQL 9.3
ERROR: syntax error at end of input: select foo from
#MySQL 5.5
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1: select foo from
Related
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SET last_activity = '1555496297', user_data = 'a:1:{s:17:\"flash:new:message' at line 1
Running on mySQL 4.0, PHP. 5
It would be better if you would share your query. It seems that this is a syntax error.
Chek your query syntax or share your code here.
Can anyone tell me what is it that I am doing wrong in this statement
$connection = Yii::$app->db;
$result=$connection->createCommand("SHOW TABLE STATUS LIKE
{{%promo_deliveries}}")->execute();
I am getting this error
Exception 'yii\db\Exception' with message 'SQLSTATE[42000]: Syntax
error or access violation: 1064 You have an error in your SQL syntax;
check the manual that corresponds to your MariaDB server version for
the right syntax to use near 'sms_promo_deliveries' at line 1 The
SQL being executed was: `SHOW TABLE STATUS LIKE sms_promo_deliveries'
in
F:\xampp\htdocs\Nxb\sms_protected\vendor\yiisoft\yii2\db\Schema.php:631
Error Info: Array (
[0] => 42000
[1] => 1064
[2] => You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use
near 'sms_promo_deliveries' at line 1 )
This had nothing to do with the table naming convention when using query builder in fact it was a syntax error as specified, had to add quotes around the table name as i was using the LIKE keyword to match the table name.
$result=$connection->createCommand("SHOW TABLE STATUS LIKE
'{{%promo_deliveries}}'")->execute();
I was testing security of a friend's site and I found SQL Injection vulnerability by putting ' at end of URL
The site is built in zend framework
The issue I am having is the comment syntax in MySQL -- is not working so the page is still throwing error
Exception: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order by 1--) ORDER BY companies.company_name ASC' at line 8
in /home/xxxxxxx/xxxxxxxxxx/lib/Zend/Db/Adapter/Abstract.php on line 157
If you look up the error, the query is not terminated after --
Even # and --+-is not working
By putting ' at the end of the URL and the website is throwing out an error doesn't always mean it's vulnerable against SQLi.
I cannot run sql queries to phpMyAdmin because every time I try to run a query (Update or Insert ) backslashes are added before quotes or double .
Example:
update bareme set code_fam='loa' WHERE code=159
I get the following error message:
There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem
ERROR: Unknown Punctuation String # 31
STR: =\
SQL: updatebaremesetcode_fam=\'loa\' WHEREcode=159
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'loa\' WHERE code=159' at line 1
magic_quotes_gpc=on;
magic_quotes_runtime=off;
magic_quotes_sybase=off;
MySQL only gives an unhelpful error message when it encounters a grammar or syntax error:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near .......
Is there any way to let MySQL to explain syntax error (e.g. expecting closing parenthesis, illegal expression, etc) in details?
The answer is - no. All server errors messages and their codes are listed in the documentation.
Server Error Codes and Messages.
From the documentation - For error checking, use error codes, not error messages. Error messages do not change often, but it is possible.
About the syntax errors: if there are no more specific error codes, then you get Error: 1149 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax...
As a work around: You can view all syntax errors in dbForge Studio for MySQL. Create new SQL document and write some code, or just open SQL-file, automatic SQL syntax check will highlight errors in the code.
Automatic SQL syntax check feature.
This feature is available in Professional and Enterprise editions, but you can try it on trial version.