MySQL adding extra backslashes? - mysql

@@SESSION.sql_mode;
@@GLOBAL.sql_mode;
both come up blank, the my.cnf shows no "NO_BACKSLASH_ESCAPE" flag and this is a section of a query which runs on my local server but not on my main.
UPDATE `table`
SET `data` = "[{\"_talent\'s\"etc"
Now I know I can use "[{""_talents""etc" but I'd rather not since it is much easier for me to keep to my current escaping security methods which have always worked before.
The charset is UTF-8 of the table I'm updating. The strangest thing is that it works on insert but not update!
This one really has me scratching. Any ideas?
Cheers
edit:
I've found out that the server is trying to interpret the query like so:
Failed to execute SQL : SQL UPDATE `build` SET `data` = "[{\"_talent\'s" WHERE `build_id` = 1 AND `userId` = 1128; failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE `build` SET `data` = "[{\\"_talent\\'s" WHERE `build_id` = 1 AND `userId`' at line 1
Yet surely it should be the same, why is the SQL engine escaping my escapes!? (if I leave out the escapes the query still fails)

You can try this -
UPDATE `table`
SET `data` = '[{"_talents"etc'

Is this relevant?
MySQL / PHP problem with " and '
Which implies you may have magic Quotes enabled somewhere to add extra backslashes (which may explain why you get odd behaviour on your server but not your local machine)?
The different behaviour on both platforms implies some configuration issue on the server to me (you sure they are the same version?) I'm reaching a bit here though.

I found out it seems to have been my version of webmin adding it in on the console... d'oh
When I ran the query from PHP it went through perfectly.
Many thanks though.
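
The text quoted in the error message above has every backslash doubled. As an added illustration (not code from any poster in this thread), the scanner below reads one quoted MySQL string literal and shows where it ends for the literal as written, for the same literal with the backslashes doubled by some layer in between, and under the NO_BACKSLASH_ESCAPES sql_mode; the samples are constructed and `scanLiteral` is a name chosen for this sketch.

```javascript
// Added illustration, not code from the thread: scan one quoted MySQL
// string literal using the documented escape rules.
const ESCAPES = { n: '\n', t: '\t', r: '\r', b: '\b', 0: '\0', Z: '\x1a' };

function decodeEscape(c) {
  if (c === '%' || c === '_') return '\\' + c;       // \% and \_ keep the backslash
  return ESCAPES[c] === undefined ? c : ESCAPES[c];  // unknown escape: the char itself
}

// Returns { value, rest }: the decoded string and the SQL left after the
// closing quote, or null when the literal never terminates.
function scanLiteral(sql, noBackslashEscapes = false) {
  const quote = sql[0];
  if (quote !== '"' && quote !== "'") throw new Error('input must start at a quote');
  let value = '';
  for (let i = 1; i < sql.length; i++) {
    const ch = sql[i];
    if (ch === '\\' && !noBackslashEscapes) {
      if (i + 1 === sql.length) return null;         // dangling backslash
      value += decodeEscape(sql[++i]);
    } else if (ch === quote) {
      if (sql[i + 1] !== quote) return { value, rest: sql.slice(i + 1) };
      value += quote;                                // doubled quote is one quote char
      i++;
    } else {
      value += ch;
    }
  }
  return null;
}

// Constructed samples based on the literal in the question.
const SAMPLES = {
  asWritten: String.raw`"[{\"_talent\'s" WHERE build_id = 1`,
  backslashesDoubled: String.raw`"[{\\"_talent\\'s" WHERE build_id = 1`,
  quotesDoubled: `"[{""_talent's" WHERE build_id = 1`,
};

for (const [name, sql] of Object.entries(SAMPLES)) {
  for (const strict of [false, true]) {
    const mode = strict ? 'NO_BACKSLASH_ESCAPES' : 'default';
    console.log(name, mode, JSON.stringify(scanLiteral(sql, strict)));
  }
}
```

Whenever `rest` does not begin with valid SQL (here, anything other than ` WHERE ...`), the server would report a syntax error at that point; only the doubled-quote form ends in the same place in both modes.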

Related

Getting a formatting error on the output of any MySQL stored procedure I try

I am sure that I am missing some small but important detail, but need help to see why I am consistently getting an error when I add in the SELECT @output in my input like this. I have looked at many articles and answers but none of them are quite what I am looking at:
let connection = mysql.createConnection(config,{CLIENT_MULTI_RESULTS: true});
(this line is the issue)
**let sql = 'CALL sp_whatever(?,@usernameOut);select @usernameOut;'**
await connection.query(sql, [param1],
function(err,rows){
console.log("INSIDE MySQL1");
I am doing this in Node JS and most examples are actually in PHP. I have not found anything that is exactly what I am looking for (why am I getting a formatting error when I set it up like other examples or tutorials?)
I am using MySQL 5.7 on my Azure Linux server and the MySQL stored procedure looks like this: (in case the issue is inside the Stored Procedure itself)
CREATE DEFINER=`someDB`@`%` PROCEDURE `GetUsername`(
IN userIdVal INT,
OUT usernameOut NVARCHAR(45)
)
BEGIN
SELECT username INTO usernameOut
FROM players
WHERE userId = userIdVal AND avatarId = 0 AND Gender IS NULL AND active = 1 ;
END
This is the error I am getting:
err.message: ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'select @username' at line 1

It turns out that my real problem was a Node JS one. I was unable to get the output because it was a second command. I had read that I needed to add in multipleStatements: true if I wanted/needed to process multiple commands. What I didn't figure out until tonight was that it had to be added to the config file to work correctly. Works great now!
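
The `mysql` package leaves multipleStatements off by default because stacked statements widen the impact of any SQL injection. As an added sketch (not the poster's code), the OUT parameter can be read with the option left off by sending the two statements one after the other on the same connection; `getUsername` and `fakeConnection` are names chosen here, and the fake is a constructed stand-in so the flow runs without a server.

```javascript
// Added example, not the poster's code. `connection` is any object with the
// callback-style query(sql, values, cb) of the `mysql` package.
function query(connection, sql, values) {
  return new Promise((resolve, reject) =>
    connection.query(sql, values, (err, rows) => (err ? reject(err) : resolve(rows))));
}

// User variables such as @usernameOut live for the session, so both
// statements must use the same connection (not two connections from a pool).
async function getUsername(connection, userId) {
  await query(connection, 'CALL GetUsername(?, @usernameOut)', [userId]);
  const rows = await query(connection, 'SELECT @usernameOut AS username', []);
  return rows[0].username;
}

// Constructed stand-in for a live connection: it refuses stacked statements
// the way a connection without multipleStatements does, and records what it saw.
function fakeConnection(usernames) {
  const sent = [];
  let out = null;
  return {
    sent,
    query(sql, values, cb) {
      sent.push(sql);
      if (sql.includes(';')) return cb(new Error('ER_PARSE_ERROR'));
      if (sql.startsWith('CALL')) {
        out = usernames[values[0]] || null;  // what the procedure would SELECT INTO
        return cb(null, []);
      }
      cb(null, [{ username: out }]);
    },
  };
}

// Stand-alone run with constructed data.
getUsername(fakeConnection({ 2: 'constructed_user' }), 2).then(console.log);
```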

SQL syntax error has occurred

Here is my simple query:
my $SQLp = "SELECT MAX([PawnPayments].[CreationTimeDate]) as MaxTransDate
FROM [PawnSafeDBCE].[dbo].[PawnPayments]
INNER JOIN [PawnSafeDBCE].[dbo].[PawnPaymentDetails]
ON [PawnPayments].[PaymentID] = [PawnPaymentDetails].[PaymentID]
WHERE [PawnPaymentDetails].[TicketID] = '$TicketID'
AND [PawnPaymentDetails].[StoreID] ='$StoreID'";
Note that query is written on Perl engine. I keep receiving an error that says:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[PawnPayments].[CreationTimeDate]) as MaxTransDate:"
I believe the error has to do with the bracket notation, but unfortunately, I am having to use this style due to a poorly constructed 3rd party table. Any help? Am I missing something obvious?
Huge EDIT: The table I am querying is actually on a SQL server, not a MySQL server! My database runs on the MySQL server, but this 3rd party database runs on an older version of Microsoft SQL.

I don't know why you have all those square brackets around your table and column names, but they aren't necessary and they aren't standard SQL. That's what is causing your syntax error.
my $SQLp = "SELECT MAX(PawnPayments.CreationTimeDate) as MaxTransDate
FROM PawnSafeDBCE.dbo.PawnPayments
INNER JOIN PawnSafeDBCE.dbo.PawnPaymentDetails
ON PawnPayments.PaymentID = PawnPaymentDetails.PaymentID
WHERE PawnPaymentDetails.TicketID = '$TicketID'
AND PawnPaymentDetails.StoreID ='$StoreID'";
I'll also add that having variables interpolated in your SQL statement like that is potentially leaving you open to SQL injection attacks. Far better to use bind points in your SQL and use extra arguments to execute to fill in the values (assuming you're using DBI).
my $SQLp = "SELECT MAX(PawnPayments.CreationTimeDate) as MaxTransDate
FROM PawnSafeDBCE.dbo.PawnPayments
INNER JOIN PawnSafeDBCE.dbo.PawnPaymentDetails
ON PawnPayments.PaymentID = PawnPaymentDetails.PaymentID
WHERE PawnPaymentDetails.TicketID = ?
AND PawnPaymentDetails.StoreID = ?";
my $sth = $dbh->prepare($SQLp);
$sth->execute($TicketID, $StoreID);
Update: As Bill Karwin points out in a comment, the database.schema.table syntax makes no sense in a MySQL database. So I think you're a little confused. The error message you are getting definitely mentions MySQL, so you're connecting to a MySQL server, using DBD::MySQL - but perhaps you should be connecting to an MSSQL server instead.
It might be useful if you showed us your database connection code - the call that sets up your $dbh (or equivalent) variable.

You say you are querying a MS SQL database, but the error message clearly says you are using a MySQL database or a MySQL database driver.
If you are querying a MS SQL database, fix your connection string.
If you are querying a MySQL database, use a MySQL-compatible query. MySQL uses backticks to quote identifiers (not square brackets like MS SQL).
[PawnPayments].[CreationTimeDate]
should be
`PawnPayments`.`CreationTimeDate`
Note that your code suffers from injection bugs due to incorrect quoting of value inserted into the SQL query. (It's not good enough just to put quotes around the values!) These can cause your code to fail, and they could make you vulnerable to injection attacks. Fix the quoting, or use replaceable parameters.

Unicode characters in where condition - phpmyadmin

I'm sure this is something to do with how I've set the server up. Total server noob.
When I enter the query
SELECT * FROM `models` WHERE `sex` = 'x'
I get an error saying
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '&#039 x &#039 '
SELECT * FROM `models` WHERE `sex` = &#039 x &#039
I have removed the ; from the code examples for clarity.
Is this a php.ini setting I need to change? Is this an input conversion?
Thanks in advance.

Don't use "html entities" when writing SQL.
&#039; is one way of encoding an apostrophe ' for display on web pages. I don't know how you got that into your code, but that seems to be the problem.
Only use the PHP function htmlentities() for writing to the web page.
What editor are you using?
Edit:
Check php.ini. You may need magic_quotes_gpc = Off

Simple MySQL update not working with generic error

I have never had this happen to me before, it is very very strange,
a very simple SQL update is not working:
UPDATE table givi_user_sessions set givi_user_clientid='somevalue' where givi_user_id=2;
I tried other variations like:
UPDATE table givi_user_sessions set where givi_user_id=3 where givi_user_id=2
and this too:
UPDATE table `givi_user_sessions` set where `givi_user_id`=3 where `givi_user_id`=2
All those options gave me following error:
Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table givi_user_sessions set givi_user_clientid='somevalue' where givi_user_id=2' at line 1
I double checked that the table exists, and also that the column names are correct,
the only thing that I can recall is that I changed the table name from user_sessions to givi_user_sessions, but that should not matter at all, unless something got messed up in the mysql engine, because I definitely think that my sql is correct. Or maybe I have been working for too long today.
Any advice would be appreciated.

You don't need to include the keyword "table" in your query. You can check the syntax of the update query here: http://www.w3schools.com/php/php_mysql_update.asp
It should look like this:
UPDATE givi_user_sessions set givi_user_clientid='somevalue' where givi_user_id=2;

1064 MySQL error in decrement using

I'm using Update videos Set views = views + 1 Where video_id='$id', but MySQL gives me back error 1064:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ' 8' at line 1
What can cause it?

Most likely $id is not what you expect it is. I imagine the query that is coming through looks something like
update videos set view = views + 1 where video='' 8'';
Note: Those are two single quotes on either side of the 8.
To confirm this you have a couple of options.
Turn on general query logging: as a super user (root) from the mysql command prompt run
set global general_log_file='/tmp/mysql.log';
set global general_log ='on';
Now every single query that gets sent to mysql will show up in /tmp/mysql.log (Note this can quickly grow very large so don't leave it on after you're done debugging).
App logs
Do you have any kind of logging framework going on? Before your actual call to execute the query, log the value of ($id). For a poor man's logging you could do something like
file_put_contents('/tmp/debug.txt', date("Y-m-d H:i:s")." id is [$id]\n",FILE_APPEND);