Why does SQLite complain about this code? - sql

I am writing a project and using generated SQL for testing, but SQLite complains about my code.
INSERT INTO Categories
(CategoryId, Name, UrlName, CategoryIndex)
VALUES
('b2cc232c-0d5c-4f35-bb6f-29c67d7d40c2', 'Using Forums', 'usingforums', 0),
('ad9b355d-77bf-4a30-b3fe-7d562df2899f', '.NET Development', 'netdevelopment', 1),
('c4882e5e-4eb5-4e5e-b73a-3bf358bda60e', 'Visual Studio', 'visualstudio', 2),
('8c611ec3-5c2c-45c2-be01-6595b43155ee', 'Visual C#', 'visualcsharp', 3),
('c96cea21-de98-4d68-b22b-90eea66d6b77', 'Visual C++', 'visualcpp', 4),
('c6fb52d5-d4c6-48c2-8892-75f9cb330106', 'Architecture', 'architecture', 5),
('20616eb8-2273-449b-8f65-a49621b92ea4', 'SQL Server', 'sqlserver', 6)
Error:
SQL Execution Error.
Executed SQL statement: INSERT INTO Categories...
Error Source: System.Data.SQLite
Error Message: SQLite error
near "," syntax error
Schema of this table:
table Categories (
CategoryId UNIQUEIDENTIFIER not null,
Name TEXT not null,
UrlName TEXT not null,
CategoryIndex INTEGER not null,
primary key (CategoryId)
)
Why?

SQLite doesn't allow you to insert multiple rows with the values clause.
Try a union all select instead:
INSERT INTO Categories
(CategoryId, Name, UrlName, CategoryIndex)
select 'b2cc232c-0d5c-4f35-bb6f-29c67d7d40c2', 'Using Forums', 'usingforums', 0
union all select 'ad9b355d-77bf-4a30-b3fe-7d562df2899f', '.NET Development', 'netdevelopment', 1
....

SQLite doesn't support the multi-values insert syntax - that's a MySQL extension to SQL syntax. You'll have to rewrite this as one-query-per-value-set, so 7 different queries.

Because your SQL is not valid. You can only insert a single tuple of values in each INSERT statement.

I don't think anyone here has answered the question - 'why does sql lite complain...' because if you look at the sqlite documentation, it DOES allow multiple values on insert: http://www.sqlite.org/lang_insert.html, excerpt:
"The first form (with the "VALUES" keyword) creates one or more new rows in an existing table."
So what is wrong with this code?
INSERT INTO "roles" ("description", "name", "rid") VALUES ('Administrator','admin',2), ('Member','member',3)
gives this error: Query Error: near ",": syntax error Unable to execute statement
but this works:
INSERT INTO "roles" ("description", "name", "rid") VALUES ('Administrator','admin',2)

For future reference, SQLite has somewhat recently added a feature which allows for multiple entries per query delimited by commas as in your example. See user2241515's answer for further info and link.
That said, I have tested this. With new versions of SQLite3 it does work ( 3.7.11+ ) from the console, at least in my case. The problem is it will probably take a while for various SQL parsers to catch up. As an example, I am using Qt for this. The same statement that works in console does not work when executed by a Qt application. The error is the same as above:
Database error: near ",": syntax error Unable to execute statement
Another possible issue is that SQLite does not allow for large queries (I think the limit is around 500 created rows per query right now). But the error for that looks different.
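The version point made in the last answer, as an added example that is not part of the original posts: it checks the SQLite library actually linked into the process and falls back to single-row inserts when multi-row VALUES is unavailable, with every value bound rather than pasted into the SQL text. The helper names, the chunk limits and the use of Python's sqlite3 module are assumptions of this example.

```python
import sqlite3

# Multi-row VALUES needs SQLite 3.7.11+; what counts is the library linked
# into the application, not the sqlite3 console on the same machine.
MULTIROW_MIN = (3, 7, 11)
MAX_ROWS = 500  # conservative cap, the default compound-SELECT limit
MAX_VARS = 999  # default bound-parameter limit in older SQLite builds
COLS = "(CategoryId, Name, UrlName, CategoryIndex)"


def supports_multirow(version=sqlite3.sqlite_version_info):
    return tuple(version) >= MULTIROW_MIN


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Categories (CategoryId UNIQUEIDENTIFIER NOT NULL "
                 "PRIMARY KEY, Name TEXT NOT NULL, UrlName TEXT NOT NULL, "
                 "CategoryIndex INTEGER NOT NULL)")
    return conn


def insert_categories(conn, rows, multirow=None):
    """Insert 4-tuples with bound values; return the number of statements issued."""
    if multirow is None:
        multirow = supports_multirow()
    if not multirow:
        # Portable fallback: one single-row INSERT per tuple.
        conn.executemany(f"INSERT INTO Categories {COLS} VALUES (?, ?, ?, ?)", rows)
        return len(rows)
    chunk = min(MAX_ROWS, MAX_VARS // 4)
    issued = 0
    for start in range(0, len(rows), chunk):
        part = rows[start:start + chunk]
        placeholders = ", ".join(["(?, ?, ?, ?)"] * len(part))
        flat = [value for row in part for value in row]
        conn.execute(f"INSERT INTO Categories {COLS} VALUES {placeholders}", flat)
        issued += 1
    return issued


SAMPLE = [  # first rows of the question's INSERT
    ("b2cc232c-0d5c-4f35-bb6f-29c67d7d40c2", "Using Forums", "usingforums", 0),
    ("ad9b355d-77bf-4a30-b3fe-7d562df2899f", ".NET Development", "netdevelopment", 1),
    ("c4882e5e-4eb5-4e5e-b73a-3bf358bda60e", "Visual Studio", "visualstudio", 2),
]

if __name__ == "__main__":
    print(insert_categories(new_db(), SAMPLE), "statement(s) issued")
```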

Related

How can I insert a specific UUID into an H2 database using an SQL script

I am using an H2 database to run my tests and I need to insert some default values in the database prior to testing. I'm trying to write an SQL script for this; however, I am having an issue inserting a UUID as a value into the relevant table.
I tried inserting the UUID as follows: insert into user_profile_table (profile_id, user_id) values (1, 'c80d54d3-500d-4539-9479-8e8961477193'); however, I get a JdbcSQLDataException error stating: Value too long for column.
I assumed this is because the user_id column type is BINARY(16), so I decided to try the following query: insert into user_profile_table (profile_id, userkeycloak_id) values (1, UNHEX(REPLACE('c80d54d3-500d-4539-9479-8e8961477193', '-',''))); however, then I get an error stating: JdbcSQLSyntaxErrorException: Function "UNHEX" not found; SQL statement. I read online that the H2 DB does not support the unhex function. I tried to look for other means of converting the UUID to a format compatible with the H2 database but haven't had any luck finding a viable solution.
Hence, my question is: is there any query I can use to insert the UUID (in a BINARY(16) format) into the H2 DB table? Any suggestions would be highly appreciated.
To insert a UUID value into BINARY(16) column you can use standard binary string literals in both MySQL and H2:
insert into user_profile_table (profile_id, user_id)
values (1, X'c80d54d3500d453994798e8961477193');
Try this solution by Microsoft: https://learn.microsoft.com/en-us/sql/t-sql/data-types/uniqueidentifier-transact-sql?view=sql-server-ver16

Sybase interacting with mybatis

I'm unable to insert multiple records in a single transaction. I'm using foreach in the mapper and I'm getting incorrect syntax near ','.
I googled and found that in Sybase it's not possible to insert multiple rows.
Insert statement looks like:
insert into Student(id,name)
values (1, Jon), (2,mike),(3,sam)
The comma next to the values statement is creating the issue.

String or Binary Data would be truncated message during SQL Server insert command

I'm trying to insert some data into a SQL Server table I created from scratch and cannot add the two values I would like to add which is 'Technology Question' under the column technology questions nor am I able to enter a time stamp under my time_entered column.
I'm basically trying to create a Microsoft SQL Server database to eventually take over the existence of an existing SQLite3 database so in my early test case here I am attempting to pull in one piece of data from the existing SQLite3 table into the SQL Server table.
I have tried changing the syntax around in as many ways as I can think of but am failing to get anywhere e.g. ensuring single quote tick around data values etc.
select * from questiontype
select [Technology Questions], time_entered
from questiontype
INSERT INTO questiontype ([Technology Questions], time_entered)
VALUES ('Technology Question', '2019-03-23 16:59')
I was hoping to see the data values 'Technology Question', '2019-03-23 16:59' in their respective columns within the SQL Server table 'questiontype'
When I try to do above I get the following,
Msg 8152, Level 16, State 4, Line 6
String or binary data would be truncated
Multiple issues but had to set column name to be ID instead of 'INT' and had to make sure it held the identity property. Also had to increase the character limitation for each column.

insert into using Values

I am using SQL Server 2005 and doing a simple insert into and getting an incorrect syntax error. I see nothing wrong with my code. Can someone give me some ideas what could be wrong with it?
insert into inonhd
(fpartno,fpartrev,flocation,fonhand,fcudrev)
Values
('CRV109','1','11','01','1'),
('CRV110','0','11','01','0')
the error is Incorrect syntax near ','.
You must add each row in separate command.
insert into inonhd
(fpartno,fpartrev,flocation,fonhand,fcudrev)
Values
('CRV109','1','11','01','1')
and:
insert into inonhd
(fpartno,fpartrev,flocation,fonhand,fcudrev)
Values
('CRV110','0','11','01','0')
It is really important to note that the syntax in the question is fine for more recent versions of SQL Server. This is acceptable:
insert into inonhd(fpartno, fpartrev, flocation, fonhand, fcudrev)
Values ('CRV109','1','11','01','1'),
('CRV110','0','11','01','0');
If you want to do this in one statement, you can use select . . . union all:
insert into inonhd(fpartno, fpartrev, flocation, fonhand, fcudrev)
select 'CRV109','1','11','01','1' union all
select 'CRV110','0','11','01','0';
Of course, multiple inserts are another possibility.

SQL Injection on INSERT

I'm currently testing vulnerabilities to SQL injections for my company's application as an IT trainee.
So I found that the application is indeed vulnerable to injections because I can alter some of the insert statements.
So I altered the insert Statement to this:
INSERT INTO tablename( column, column1, column2, column3, column4,column5, column6, column7, column8 )
VALUES ( 10965972, 185796154, 25, 23,2023, '', CURRENT_DATE, 'v0201100',
18);
DELETE *
FROM tablename;-- , 2023,'a', CURRENT_DATE, 'v0201100', 18 )
I thought this should be a correct statement, but the MySQL Server returned this Error:
MySQL Error: 1064 (You have an error in your SQL syntax;[...]
Would be nice if somebody could help and tell me why the syntax is wrong...
Thanks for your help :-)
Edit:
Thanks for all your answers. :) Unfortunately the * wasn't the problem.
I tried to execute the statement (statement is executed by php) without the delete part
so the statement looks like this:
[...] VALUES( 10963455, 182951959, 23, 23,2023, '', CURRENT_DATE, 'v0201100', 18)--, 2023, '', CURRENT_DATE, 'v0201100', 18 )
But even then the MySQL Server returned the Same Error.
Here is the Full Error Message:
MySQL Error: 1064 (You have an error
in your SQL syntax; check the manual
that corresponds to your MySQL server
version for the right syntax to use
near '--, 2023, '', CURREN' at line
17) Session halted.
Would really appreciate it if anyone knew the problem.
If that sample chunk of query is executed in a SINGLE ->query() call, MySQL's driver doesn't allow multiple queries within a single query call. It eliminates the bobby tables type injection attacks, but doesn't prevent injecting values that would manipulate where clauses and whatnot.
Having a look at the MySQL spec for DELETE, there is no suggestion that you can include * immediately proceeding the DELETE statement. Try removing it.
The * is used in a select statement to select all columns. Specifying it here makes no sense, as you are deleting rows.
I believe the -- commented-out line will be ignored by the parser (I would certainly expect it to be), so that bit of code should be ok. If in doubt remove it as a test.
When I split your sql statement on multiple lines using ; as separator, I get:
1) VALUES( 10965972, 185796154, 25, 23,2023, '', CURRENT_DATE, 'v0201100', 18);
2) DELETE * FROM tablename;
3) -- , 2023, 'a', CURRENT_DATE, 'v0201100', 18 )
To me, 3) doesn't look like valid sql to me...
MySQL doesn't allow a delete query without a where statement. You can use:
DELETE * FROM tablename WHERE 1 = 1
You may also have to remove the * after delete, it doesn't look like MySQL supports that.
#freddy: DELETE * FROM tablename should be DELETE FROM tablename.
ANSI SQL definition for DELETE statements does not include an asterisk *
Try, DELETE FROM tablename
Additionally you are using a SQL-Injection. The reason why SQL-Injections are possible at your company is a secret (just use prepared statements), but this isn't the question. Most SQL-Injections are caused by using mysql_query() without filtering/escaping. mysql_query() allows only 1 query. There has to be mysql_multi_query() if this should work.
Modifying data in SELECT-Statements is prohibited by MySQL.
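Two points from the answers above, shown side by side in an added example that is not part of the original posts: a driver that accepts only one statement per call stops the appended DELETE, yet a concatenated INSERT can still have its values rewritten, while a bound parameter stores the same input as plain data. Python's sqlite3 module stands in for the MySQL/PHP stack, and the orders table, its columns and both inputs are constructed for the demonstration.

```python
import sqlite3

# sqlite3 stands in for the MySQL/PHP stack in the question (assumption); the
# orders table, its columns and the inputs below are constructed for the demo.


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (note TEXT NOT NULL, approved INTEGER NOT NULL)")
    return conn


def insert_concatenated(conn, note):
    # Vulnerable form: user input becomes part of the SQL text.
    conn.execute("INSERT INTO orders (note, approved) VALUES ('" + note + "', 0)")


def insert_bound(conn, note):
    # Hardened form: the statement text is fixed, the input is bound as data.
    conn.execute("INSERT INTO orders (note, approved) VALUES (?, 0)", (note,))


def rows(conn):
    return conn.execute("SELECT note, approved FROM orders").fetchall()


def stacked_statement_rejected(note):
    """True if the driver refuses a second statement in one execute() call."""
    conn = new_db()
    try:
        insert_concatenated(conn, note)
    except (sqlite3.Warning, sqlite3.Error):
        return rows(conn) == []
    return False


STACKED = "x', 0); DELETE FROM orders --"  # second statement after ';'
IN_VALUE = "x', 1) --"                     # stays inside the one INSERT


def compare(note):
    """Return (rows after concatenated insert, rows after bound insert)."""
    weak, safe = new_db(), new_db()
    insert_concatenated(weak, note)
    insert_bound(safe, note)
    return rows(weak), rows(safe)


if __name__ == "__main__":
    print(stacked_statement_rejected(STACKED), compare(IN_VALUE))
```

The single-statement limit is a property of the call used, not a fix: only the bound form keeps the approved column under the application's control.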