I create a table named "PathTable" in a MS-Access DB.
The table is like this:
------------------------------
| IP | Input | Output |
------------------------------
| 127.0.0.1 | XXXXX | YYYYYY |
------------------------------
When I programed these
String CommandString = "SELECT Input, Output FROM PathTable WHERE IP = '127.0.0.1'";
OleDbCommand CommandObj = new OleDbCommand( CommandString, m_Connection );
OleDbDataReader ReaderObj = CommandObj.ExecuteReader();
the code always throw OleDbException, and the ErrorDescription is E_FAIL(0x80004005),
But if I replaced the commandString with
SELECT * FROM PathTable WHERE IP = '127.0.0.1'
The problem never happended again.
So, my question is: Does OleDbCommand only excute "select * "? Thanks.
Maybe these are reserved words. Try quoting them:
SELECT [Input], [Output] FROM PathTable WHERE IP = '127.0.0.1'
I am sending you the list of Microsoft reserved words, Please check, you are using reserved keyword that's why you are facing this problem.
http://support.microsoft.com/kb/321266
It's possible 'input' or 'output' are reserved words in Access SQL so try adding [] square brackets around those field names.
Input and Output may be keywords. Try surrounding them with square brackets. i.e.
[Input]
[Output]
File Not Found - Another possible cause of this exception is if the File your trying to load/read does not exist.
I have found it useful to perform a "File.Exists" before trying to open the file just to make sure my code detects this specific cause of the "IErrorInfo.GetDescription failed with E_FAIL(0x80004005)" exception correctly.
Related
Im trying to get AES_ENCRYPT/AES_DECRYPT to work with mySql 5.7 to be able to encrypt passwords.
But my response text is only ????
I have a table "personal" and there I have created a column called thepassword, and I have set it to be VARBINARY(256).
I don´t know if the connection/driver to my db has anything to do with it, but here it is.
strConn = "driver={MySQL ODBC 3.51 Driver};server=localhost;uid=xxxx;pwd=xxxx;database=xxxx;option=3"
set conn = Server.CreateObject("ADODB.Connection")
conn.Open strConn
And it is a asp classic page where I first inserted with this.
sql= "INSERT into personal (name, thepassword) VALUES ('Bob',AES_ENCRYPT('testar encrypt texten', 'mypasskey2018'));"
conn.Execute (sql)
And this creates a blob in the column thepassword.
And this is how I select it.
sql2 = "SELECT AES_DECRYPT(thepassword,'mypasskey2018') AS passw FROM personal"
set rs2 = conn.Execute (sql2)
do until rs2.eof
response.write rs2("passw")
rs2.movenext
loop
And it displays a lot of "??????????n"
But if I use mySqlWorkBench and run SELECT AES_DECRYPT(thepassword,'mypasskey2018') AS passw FROM personal then it selects and displays the passw column and I can see the right value.
So why am I only getting ??????????n when I try to display it in my .asp page?
Any input really appreciated, thanks.
SOLVED - Ok so I solved it finally. I had to use CONVERT USING UTF8 in my select like this. So now it is displaying the value from thepassword column as text.
select *,CONVERT(AES_DECRYPT(thepassword,'mypasskey2018' ) USING utf8) AS passw from personal
In order to fix the "???"'s to the real text, you may need to change your terminal settings to accept utf-8 (this procedure varies on vim, emacs, and putty). This will show values, though, like this:
select AES_ENCRYPT('testar encrypt texten', 'mypasskey2018');
+-------------------------------------------------------+
| AES_ENCRYPT('testar encrypt texten', 'mypasskey2018') |
+-------------------------------------------------------+
| ▒Xv^▒y▒▒▒▒v▒G▒▒▒▒:▒'▒▒Η▒РG' |
+-------------------------------------------------------+
But to select a readable VARBINARY value in MySQL, do not forget to use HEX(). Like this:
select HEX(AES_ENCRYPT('testar encrypt texten', 'mypasskey2018'));
+------------------------------------------------------------------+
| HEX(AES_ENCRYPT('testar encrypt texten', 'mypasskey2018')) |
+------------------------------------------------------------------+
| 05D758765EA5798296E3B5D876A24788A3F606A03A95278CFFCE97ADD0A04727 |
+------------------------------------------------------------------+
Depending on what you're doing, you may not need the HEX() at all, but at least with this you will be able to see the precise data that is actually being stored there hexadecimally.
If you're not sure if it's working, then check out a select on a decryption of an encrypted value. It seems to work to me:
select AES_DECRYPT(AES_ENCRYPT('testar encrypt texten', 'mypasskey2018'), 'mypasskey2018');
+-------------------------------------------------------------------------------------+
| AES_DECRYPT(AES_ENCRYPT('testar encrypt texten', 'mypasskey2018'), 'mypasskey2018') |
+-------------------------------------------------------------------------------------+
| testar encrypt texten |
+-------------------------------------------------------------------------------------+
If you're concerned about having to read and compare hex values, or if you're concerned about converting sensitive data to a readable format, there are some tricks we can do. For selecting a user account by password, for instance, you would do...
SELECT * FROM User WHERE User.Password = PASSWORD($user_input);
In this sense, if Password is "cool", I don't need to worry about that, or what it hashes or encrypts to. I can simply select by these means.
tldr: Can psql be altered to mimic the MySQL CLI w/ respect to improperly terminated statements?
In the MySQL CLI, when the user fails to properly terminate a statement, the prompt changes to indicate a semicolon was forgotten (indentation, adds ->):
MariaDB[(none)]> describe testing123
->
The Postgres psql CLI prompt doesn't change if a semicolon is forgotten:
zach=# \dt
List of relations
Schema | Name | Type | Owner
--------+------------+-------+-------
public | testing123 | table | zach
(1 row)
zach=# drop table testing123
zach-# ;
DROP TABLE
zach=#
Instead, you just don't see the expected confirmation message (in this case, DROP TABLE). So it's not nothing, but sorta a catch-22 if you don't know what message you should be looking for or if there is even a confirmation message at all for the command you're running.
\set PROMPT2 '-%# '
issue that at the start of your session, or you could add that to your .psqlrc file
I settled on updating .psqlrc to mimic the MySQL CLI by adding: \set PROMPT2 ' -> '
If you want a clue from psql about where your statement went wrong, another option is \set PROMPT2 '[more] %R > ' which tells you:
whether psql expects more input because the command wasn’t terminated yet, because you are inside a /* ... */ comment, or because you are inside a quoted or dollar-escaped string [ThoughtBot blog]
I am working on a SQL Developer-like application, in which user enters some SQL command and the result from the server is shown in a <div> on web page.
The problem is that user can enter ANY string, valid SQL or not, for example if an user sends select * from employees; I want to receive and display in
the <div> text EXACTLY as below :
+---------+----------+---------------+----------+
| user_id | username | full_name | password |
+---------+----------+---------------+----------+
| 1 | john | John Doe | admin |
And when he enters a bad SQL string, the <div> message should be the standard MySQL error strings , for example :
mysql> select * from usrsss;
ERROR 1146 (42S02): Table 'mydb.usrsss' doesn't exist
I know about security risk , I do not care about it at this point.
Can this be done, as I have no control on the SQL string syntax being sent by user?
First of all, the prompt you see there mysql> represents the MySQL Shell. This is not SQL or JDBC but a command line interface provided by MySQL.
This MySQL Shell allows you to execute:
SQL statements.
A variety of other statements that are NOT part of SQL.
The JDBC API you want to use will allow you to run the first group of statements -- the SQL statements. Unfortunately, it won't allow you to run the second one, so you are out of luck for this one.
Also, for the first group the JDBC API will provide error codes and error messages that are not exactly the same ones you see when using the MySQL Shell.
Bottom line, you can simulate some of these commands, but it will not be the exact same experience that you probably expect.
However... and this is a big one, why do you want to do this in the first place? One of my developers asked me if he could do this, since it's not difficult to implement; this way we could easily run any SQL command from the web page. Great? Well... no. This is a HUGE SECURITY RISK. If anyone hacks your web page, you would be exposing the whole database.
In other words, don't deploy this code to production.
If you are using java.sql.Connection,
create a statement first by using .createStatement().
use .executeQuery() for searching
and .executeUpdate() for inserts, updates and deletes
When searching identify the number of columns to create a table.
ResultSet rs = statement.executeQuery(String sql);
ResultSetMetaData metaData = rs.getMetaData();
In ResultSetMetaData,
.getColumnCount() will give you the column count.
in a for loop create the columns, while creating .getColumnName(int index) will give you the column name.
After creating the table, iterate the ResultSet,
while (rs.next()) {
rs.getString(int columnIndex);
}
use the above method to get values, and add rows to your table.
Don't forget to surround the code block with
try{
} catch(Exception e){
e.getMessage();
}
so if anything goes wrong you can get the SQLException thrown. That will include a message, the probable cause for the error.
Work your way out... Enjoy!
I just trying to make a partially catch-all email on my Postfix-mysql config.
I think have problem on the regexp.
I want to send all notify-*#domain.com to notify#domain.com
I use the following email request (letters and numbers are valid):
notify-([a-zA-Z0-9])#domain.com
But all times, Postfix tell me that User unknown in virtual mailbox table.
This is my Postfix config
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
mysql:/etc/postfix/mysql_virtual_alias_maps_regexp.cf,
mysql:/etc/postfix/mysql_alias_domain_maps.cf
/etc/postfix/mysql_virtual_alias_maps_regexp.cf
user = postfixadmin
password = XXXXXXXXXXXX
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias WHERE '%s' REGEXP CONCAT('^',address,'$') AND SUBSTRING(address,1,1) != '#' AND x_regexp = '1'
I think the problem is in the email regexp, due not errors in the log file, and the mysql database have the corrected values.
I'm bot sure to fully understand your issue, but if you want to select email starting with notify-, followed by any number of letters/digits, you need to use:
notify-[a-zA-Z0-9]+#domain.com
[...] is a character class, it means "one character, one that's inside the list". So you need to allow repetition with +.
I have a name stored in the variable username and would like to pull users row information when I try
result = dbh.query("SELECT * FROM maintab WHERE user = '#{username}'")
I get no results. If I put in the username by hand however, it does return a result. How format my query so that I may use variables?
Try to debug this way:
username = "Peter" # any of your real name
result = dbh.query("SELECT * FROM maintab WHERE user = '#{username}'")
it should work. Looks like your username is nil or blank
Open up IRB and try to print what you have.
How does #{} behave with single quotes vs escaped double quotes?
That should answer your question.