Attempting to perform operations with a random integer in SQL.
The following code works perfectly as intended when run as pure SQL, but triggers a syntax error when attempting to save it into a stored procedure.
SET #sample_count = (SELECT count(*)
FROM cinder_sample);
SELECT #sample_count;
SET #random_ID = (SELECT FLOOR(RAND()*#sample_count));
SELECT #random_ID;
Any ideas as to what could be going wrong?
The exact error triggered is:
"The following query has failed: "CREATE DEFINER=root#localhost PROCEDURE play_random_sp() NOT DETERMINISTIC CONTAINS SQL SQL SECURITY DEFINER DELIMITER // SET #sample_count = (SELECT count() FROM cinder_sample)// SELECT #sample_count// SET #random_ID = (SELECT FLOOR(RAND()#sample_count))// SELECT #random_ID"
MySQL said: #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '// SET #sample_count = (SELECT count(*) FROM cinder_sample)// SELECT' at line 1"
Related
New to SQL and trying to run this code and I get the error "#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '#Qtable TABLE(Qid INT) END' at line 3". The code runs fine if I take out the DECLARE statement;
SET #query_id = (SELECT ID from ua820988_dev.users WHERE `email` = 'example#gmail.com');
CREATE PROCEDURE query_requests()
BEGIN
DECLARE #Qtable TABLE(Qid INT)
END;
SELECT * from ua820988_dev.requests WHERE `match` = #query_id;
SELECT * from ua820988_dev.requests_archive WHERE `match` = #query_id;
I'm hoping to eventually put the results from the 2nd and 3rd SELECT statements into the table, but this is the watered down version for now just trying to get the code to run. I'm running SQL 5.6 on MariaDB 10.2.
i am pentester and i am testing error-based sql injection in limit clause on my MariaDB 5.5.65 server. There is some trouble.
MariaDB> select * from tables where 1=1 limit 1,1 procedure analyse(EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,select '123',0x7178627171)),1);
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'select '123',0x7178627171)),1)' at line 1
MariaDB> select * from tables where 1=1 limit 1,1 procedure analyse(EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,'123',0x7178627171)),1);
ERROR 1105 (HY000): XPATH syntax error: '\qjjkq123qxbqq'
MariaDB> select * from tables where 1=1 limit 1,1 procedure analyse(EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,database(),0x7178627171)),1);
ERROR 1105 (HY000): XPATH syntax error: '\qjjkqinformation_schemaqxbqq'
I can retrieve information like database() and version(), but can't use select. Is this feature of MariaDB? Can i bypass this or it's impossible to use select in procedure analyse in MariaDB server?
If you want to use select to return a scalar value in an expression, you have to put it in parentheses to make it a scalar subquery:
EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,select '123',0x7178627171))
Should be:
EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,(select '123'),0x7178627171))
In this example, that still results in an XPATH error, but that's independent of the question you asked.
I am working on a SSIS package that rejects already loaded files & load only new files to table.
I used for each loop and exceute SSQL to validate if the files are already loaded. When I evaluate
the expression of Execute SQL Task, it evaluates fine. But When I run the paackage I get the following error.
[Execute SQL Task] Error: Executing the query "DECLARE #FileName VARCHAR(100)
SET #FileName=Custo..." failed with the following error: "Incorrect syntax near ''.".
Possible failure reasons: Problems with the query, "ResultSet" property not set correctly,
parameters not set correctly, or connection not established correctly.
The Expression I used in the Execute SQL task is :
"DECLARE #FileName VARCHAR(100)
SET #FileName="+#[User::FileName]+"'
IF EXISTS (SELECT 1
FROM [dbo].[FileLoadStatus]
WHERE filename =#FileName)
BEGIN
SELECT 1 AS FileExistsFlg
END
ELSE
BEGIN
Select 0 AS FileExistsFlg
END"
screen shot of the execute SQL Task
I really apprecaite if you can tell where the problem is ?
You could simplify your expression a little bit to make clear where the SSIS variable is being used:
"SELECT COUNT(*) AS FileExistsFlg
FROM (
SELECT TOP(1) *
FROM
dbo.FileLoadStatus
WHERE
[filename] = '" + #[User::FileName] + "'
) x;"
On the other hand for the SQL Task you could use a standard parameterized query. Assuming you are using an OLEDB connection, the parameter placeholder is the ? sign. No expression is needed and the equivalent Direct Input for the task is:
SELECT COUNT(*) AS FileExistsFlg
FROM (
SELECT TOP(1) *
FROM
dbo.FileLoadStatus
WHERE
[filename] = ?
) x;
With OLEDB you have to map your variable to the placeholder by position (zero based) so in this case the Parameter Name is the number zero. The other properties depend on your metadata and correspond to the variable you would have declare in SQL...
This is less error prone, clearer and reusable for multiple calls as it generates a Prepared Statement.
If your connection type was ADO.Net, the mapping is name based. So check the documentation for the Parameter names and markers for each connection type.
I'm pretty new on Firebird.. trying to write a query that drops the table if exists through IBOConsole.
I have written the following sql statement,
EXECUTE block as
BEGIN
if (exists(
SELECT 1 FROM RDB$RELATIONS Where RDB$RELATION_NAME = 'ZZGTTUNIQUEID'))
then
execute statement 'DROP TABLE ZZGTTUNIQUEID';
END
but getting the following result..
ISC ERROR CODE:335544569
ISC ERROR MESSAGE:
Dynamic SQL Error
SQL error code = -104
Unexpected end of command - line 6, column 19
i'm not sure what might be wrong?
In IBOConsole I also experienced problems using the EXECUTE BLOCK statement, resulting in a 'Problem in BindingCursor' message and not executing the statement on the database. Use IBExpert's script executive or FlameRobin instead and it will work.
I'm confounded. The following MySQL query:
SET #a := 0;
SELECT *
FROM users;
Gives the error:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT * FROM users' at line 2`
When I switch the order of the statements, I get the same error, again on line 2 (even though I switched them)
However, either line by themselves runs fine. What could possibly cause this?
I bet you're trying to perform this query in the mysql_query() (or some similar function from any programming language), but it accepts only single query. So the solution is to split this queries into 2 calls.
you can do it in one query as follows:
The trick
select #a:=#a+1, u.*
from
users u
join (select #a:=0) a
or be adventerous and use a stored procedure so it's always a single call :P
Stored procedure
drop procedure if exists list_users;
delimiter #
create procedure list_users()
begin
set #a = 0;
select #a:=#a+1, u.* from users u;
end #
delimiter ;
call list_users();
PHP script
$conn = new mysqli("localhost", "foo_dbo", "pass", "foo_db", 3306);
$result = $conn->query("call list_users()");
while($row = $result->fetch_assoc()){
...
}
$result->close();
$conn->close();