Query input must contain at least one table or query - sql

I'm really hoping that somebody could help me regarding this problem. I am using Microsoft Access 2007 to build some forms while connecting to my SQL database. Everything seems OK, except that the forms inserting data into the database show this kind of message:
"Query input must contain at least one table or query"
I'm not finding where the exact problem is!! Can anyone give me any helpful advice on what to do? I would really appreciate any kind of advice.
Thanks in advance.

What is the SQL (you might find it in the log file of the server)?
There might be a problem in the FROM part.

Related

What is the proper way to check if the SQL code is working correctly?

After writing an SQL statement with multiple joins I asked myself how I could test whether my code is working correctly.
I get some results, but how can someone be sure that there are no entries missing?
One could look up in the table if all entries are there. But what if there are thousands of entries or the statement is just too complex for the human brain? I guess there must be some kind of standard or something like that to verify SQL code.
I googled but only found some services that verify the syntax, which is not what I am searching for.
How is this handled in the professional SQL developer world?

Building a map/flowchart to better understand a database

I am interested in creating a map of my database, so that I may understand it better. I am having difficulties understanding which tables relate to other tables, and I think a map, or flowchart would help me greatly. Has anyone done this? If so, how did you accomplish it?
You can try SQL Server Management Studio Express. Just right click on Database Diagrams and create a new diagram. You can select existing tables that you desire.
You can follow an excellent guide step by step here.
If you have Microsoft Visio, that's good software for creating a flowchart.
I use Lucid Chart (www.lucidchart.com) occasionally because we don't have Visio either. They offer a free account, which works pretty well, apart from the limit on the number of items you can put in one document (I want to say it's a limit of 60 entities).

Having trouble with SQL injection

I am a noob when it comes to understanding some of the attacks in SQL injection. I am currently seeing this attack in my log and was wondering if anyone can help me understand what it means.
SQL Injection:
410'union/**/select/**/1/**/from/**/(select/**/count(*),concat(floor(rand(0)*2),0x3a,(select/**/concat(user,0x3a,password)/**/from/**/pwn_base_admin/**/limit/**/0,1),0x3a)a/**/from/**/information_schema.tables/**/group/**/by/**/a)b/**/where'1'='1.
Don't understand this completely, but the select concat(user,0x3a,password) from pwn_base_admin clearly tries to get a concatenated string of user names and passwords, divided by a ":".
The concat(floor(rand(0)*2),0x3a,( roughly does the same... the result would be something like 1:aUserName:UsersPassword.
If you need further help please give some more details (RDBMS, the part before the "union"...)
Hope this helps
Someone is actively trying to gain unauthorized access to your system - they're hacking in.
I don't know how critical this system is, but if it is of any importance, you should probably take the system offline until you sort out the database access part of the code. The first place to look for solutions is using bind parameters instead of string concatenation for your sql queries.
There are many resources available that describe how to use bind variables for whatever RDBMS you're using, but here is one article I found to get you started:
http://use-the-index-luke.com/sql/where-clause/bind-parameters
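The bind-parameter advice above, applied to the exact value from the log, as an added example that is not part of the original posts. Python's sqlite3 stands in for the poster's unknown RDBMS, and the `items` table and all function names are constructed for illustration.

```python
import re
import sqlite3

# Value exactly as logged on this page (trailing sentence period dropped).
LOGGED = ("410'union/**/select/**/1/**/from/**/(select/**/count(*),"
          "concat(floor(rand(0)*2),0x3a,(select/**/concat(user,0x3a,password)"
          "/**/from/**/pwn_base_admin/**/limit/**/0,1),0x3a)a/**/from/**/"
          "information_schema.tables/**/group/**/by/**/a)b/**/where'1'='1")

def make_db():
    # Constructed stand-in schema; the real application's tables are unknown.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO items VALUES ('410', 'widget')")
    return db

def lookup_concat(db, item_id):
    # Vulnerable pattern: the request value becomes part of the SQL text.
    sql = "SELECT name FROM items WHERE id = '" + item_id + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, item_id):
    # Bind parameter: the value is passed as data and never parsed as SQL.
    return db.execute("SELECT name FROM items WHERE id = ?", (item_id,)).fetchall()

def parsed_as_sql(db, item_id):
    # An error here means the engine compiled the input as SQL; on the
    # RDBMS the logged value was written for, it could execute instead.
    try:
        lookup_concat(db, item_id)
    except sqlite3.OperationalError:
        return True
    return False

def normalize(value):
    # /**/ is an empty SQL comment used in place of spaces to dodge filters.
    return re.sub(r"/\*.*?\*/", " ", value).lower()

def looks_like_injection(value):
    # Log triage check: run on the normalized value, not the raw string.
    v = normalize(value)
    return bool(re.search(r"\bunion\s+(all\s+)?select\b", v)
                or "information_schema" in v)

if __name__ == "__main__":
    db = make_db()
    print("flagged in log triage:", looks_like_injection(LOGGED))
    print("concatenated, reached SQL parser:", parsed_as_sql(db, LOGGED))
    print("bound, rows returned:", lookup_bound(db, LOGGED))
    print("bound, legitimate id:", lookup_bound(db, "410"))
```

With the bound query the logged value is just an id that matches no row; the pattern check is for reviewing logs and does not replace parameterized queries.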

About SQL CE and indexes

I have a question that I hope someone can answer. I'm making an application that needs a database, and since the target of this application is the regular user, I want to make it simple for the user so he does not have to think about installing databases, etc.
So I decided to use SQL CE, but as I saw, it does not support indexes. So my question is how big may the database become before its queries start taking a lot of time. The application should make between 500 and 3000 new records a day in a single table and no more than 5-20 records in 2 other tables.
So for how long do you guys think it is going to work well, and when will it start causing problems? And if you have any idea of an alternative approach, please let me know.
Thanks for all the help in advance!
SQL Server Compact supports both unique and non-unique indexes. What makes you think it does not?

Is posting SQL code in forums a bad idea?

Is there any risk in posting SQL code from my company in these forums, or in any forums for that matter?
Specifically I am referring to examples of SQL queries. These queries obviously show joins to tables and different fields in my database tables.
The risk is pretty low, if:
you do not publish company's name or web address
there is no SQL injection waiting to be exploited in that SQL of yours
server itself is secure and patched
you do not publish connection credentials with your snippet
As long as it doesn't show proprietary information, SQL is SQL. I would always recommend sharing "fake" information for example data.
It should be easy to obscure relevant names, etc. Think of a good analogy and replace names with that. I don't think people care too much to try and "find you out". We're much more interested in solving your problem.
Only the connection information (username, password, IP, etc) is sensitive - without that information:
SELECT e.*
FROM EMPLOYEES e
...is quite safe. Neither I nor anyone else can delete anything in your tables.
I don't recommend abstracting things too much when posting questions - some details can make all the difference to determine the issue you're encountering.