How can I validate SQL query syntax in an Oracle database?

set NOEXEC ON;
Select * from emp;
Set NOEXEC OFF;
This validation is working in SQL Server, but it's not working in Oracle.
Is there any syntax to check whether the query is valid or not in Oracle?

Using EXPLAIN PLAN
EXPLAIN PLAN FOR SELECT FROM emp;
ERROR at line 1: ORA-00936: missing expression
EXPLAIN PLAN FOR SELECT * FROM emp;
Explained
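The EXPLAIN PLAN check above wrapped in a reusable PL/SQL function, as an added example that is not part of the original answer. The name check_sql is hypothetical; it assumes the emp table from the question and a PLAN_TABLE the caller can write to.

```sql
-- Added example: check_sql is a hypothetical helper, not an Oracle built-in.
-- Assumes emp exists and the calling schema can insert into PLAN_TABLE.
CREATE OR REPLACE FUNCTION check_sql (p_sql IN VARCHAR2)
  RETURN VARCHAR2
  AUTHID CURRENT_USER  -- resolve objects with the caller's privileges, not the owner's
IS
BEGIN
  SAVEPOINT before_check;
  -- EXPLAIN PLAN parses the statement and resolves its objects,
  -- but does not execute it.
  EXECUTE IMMEDIATE 'EXPLAIN PLAN FOR ' || p_sql;
  -- EXPLAIN PLAN is DML with no implicit commit, so the rows it wrote
  -- to PLAN_TABLE can be discarded again.
  ROLLBACK TO before_check;
  RETURN 'OK';
EXCEPTION
  WHEN OTHERS THEN
    ROLLBACK TO before_check;
    RETURN SQLERRM;    -- the ORA- message raised while parsing
END check_sql;
/

SET SERVEROUTPUT ON
BEGIN
  -- The two statements from the answer: one invalid, one valid.
  DBMS_OUTPUT.PUT_LINE(check_sql('SELECT FROM emp'));
  DBMS_OUTPUT.PUT_LINE(check_sql('SELECT * FROM emp'));
END;
/
```

Call the function from PL/SQL rather than from a SELECT, because it issues SAVEPOINT and ROLLBACK. EXPLAIN PLAN accepts only SELECT, INSERT, UPDATE, DELETE, MERGE and a few DDL forms, so other statement types return an error even when their syntax is fine.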

Related

MariaDB 5.5.65 sql injection

I am a pentester and I am testing error-based SQL injection in the LIMIT clause on my MariaDB 5.5.65 server. There is some trouble.
MariaDB> select * from tables where 1=1 limit 1,1 procedure analyse(EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,select '123',0x7178627171)),1);
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'select '123',0x7178627171)),1)' at line 1
MariaDB> select * from tables where 1=1 limit 1,1 procedure analyse(EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,'123',0x7178627171)),1);
ERROR 1105 (HY000): XPATH syntax error: '\qjjkq123qxbqq'
MariaDB> select * from tables where 1=1 limit 1,1 procedure analyse(EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,database(),0x7178627171)),1);
ERROR 1105 (HY000): XPATH syntax error: '\qjjkqinformation_schemaqxbqq'
I can retrieve information like database() and version(), but can't use select. Is this a feature of MariaDB? Can I bypass this, or is it impossible to use select in procedure analyse on a MariaDB server?
If you want to use select to return a scalar value in an expression, you have to put it in parentheses to make it a scalar subquery:
EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,select '123',0x7178627171))
Should be:
EXTRACTVALUE(1370,CONCAT(0x5c,0x716a6a6b71,(select '123'),0x7178627171))
In this example, that still results in an XPATH error, but that's independent of the question you asked.

Microsoft SQL Server Error: "Incorrect syntax near keyword Select"

Unsure what syntax the error is referring to in this statement:
Use MyDatabase
CREATE TABLE TestTable
AS (SELECT * FROM dbo.MyTable);
Any help is appreciated!
The dbo suggests that you are using SQL Server. The syntax error is that this syntax is not supported.
The equivalent syntax in SQL Server is:
SELECT *
INTO TestTable
FROM dbo.MyTable;
You need to use it as below. The one you are using is Oracle syntax.
Use MyDatabase
Go
SELECT * INTO TestTable FROM dbo.MyTable
GO

Linked Server: MO_GLOBAL.SET_POLICY_CONTEXT('S', 83);

I have a linked server (SQL Server 2008 to Oracle) and would like to know how to execute this statement before I query the data:
MO_GLOBAL.SET_POLICY_CONTEXT('S', 83);
I can query the data using this:
Select * from OPENQUERY (linkedservername, 'Select * from tablename')
But I'm not sure how to incorporate the set_policy_context statement. Appreciate any feedback.
Here's the correct statement:
EXECUTE('BEGIN apps.MO_GLOBAL.SET_POLICY_CONTEXT(''S'', 83); END;') at tablename;

SQL Job error with OPENQUERY

I am trying to run a SQL job with this T-SQL script, and the following error is raised. The code runs well in a query window!
What is the problem with this code in the SQL job?
SELECT *
FROM OPENQUERY("192.168.1.1",'SET FMTONLY OFF; EXEC spNewTest @Param1 = ''Test1''')
Error Message:
Executed as user: DOMAIN\USER. Incorrect syntax near '192.168.1.1'. [SQLSTATE 42000] (Error 102)
Regards,
Elio Fernandes
Use this
SELECT * FROM OPENQUERY('192.168.1.1','SET FMTONLY OFF; EXEC spNewTest @Param1 = ''Test1''')
instead of this
SELECT * FROM OPENQUERY("192.168.1.1",'SET FMTONLY OFF; EXEC spNewTest @Param1 = ''Test1''')
EDIT: The difference between simple comma and double comma is that the second one isn't used in SQL Server; this post from Vineet in 2010 can support the answer:
What is the difference between single and double quotes in SQL?
Thanks Charlie Fish for the observation
I just replaced the double quotes with square brackets [192.168.1.1] and the job is running as expected.
Thanks.

I cannot execute a SQL statement dynamically which has an INTO clause

I am executing this SQL statement dynamically in Oracle using the EXECUTE IMMEDIATE statement. But when I do this I get an error 'missing keyword'. I have declared the RULECOUNT variable as NUMBER. When I remove the INTO statement, the SQL statement appears to get executed properly.
SELECT COUNT(DISTINCT RULE_ID) INTO RULECOUNT FROM(
SELECT
distinct a.RULE_ID, Rule_Name, Applicability,
Rule_Type, KPI_NAME, BT, DT, Authorised_User,
Rule_Date_of_Creation
from vw_rule_detail_search a WHERE a.Applicability = 'No' order by a.BT
desc);
I don't know what is happening; can anyone good with Oracle help me find what I am missing?
I found a solution to my problem. I should not have used the INTO statement in the select statement while executing with execute immediate.
I should have used it like this:
EXECUTE IMMEDIATE statement INTO RuleCount;