SQL injection: how can I inject this target - sql-injection

My target is: target.com/n=2&b=exam&c=ABC' (Inject Here)
When I put ' at the end of the URL, I see this error:
Error accrues:
SQL Query: SELECT Level, Code, Name FROM `tbl_field` WHERE Level<3 ORDER BY Code ASC ORDER BY Year DESC LIMIT 0 , 10
Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY Year DESC LIMIT 0 , 10' at line 1
Code: 42000
File: /var/www/vhosts/target.com/httpdocs/db/db.php
Line: 98
Now help me.
I cannot inject it... I tried with SQL but it is not working...
I know my query must first be balanced, but I can't... help me

Related

Cannot drop existing index

Service I'm using is DB2 on cloud.
I have created an index but didn't specify the schema
CREATE INDEX IDX_TAB1     
ON SCHEMA1.TAB1 (RECLASS_MONTH DESC)
;
It was created in the following INDSCHEMA
SELECT * FROM syscat.indexes
WHERE TABNAME ='TAB1'
INDSCHEMA    INDNAME    TABSCHMA
506TEFMHSB   IDX_TAB1   SCHEMA1
I want to drop it and specify the schema;
however, running the following DROP SQL gives me an error
DROP INDEX "506TEFMHSB".IDX_TAB1
;
Error message
"506TEFMHSB.IDX_TAB1" is an undefined name.. SQLCODE=-204, SQLSTATE=42704, DRIVER=4.27.25
Or
DROP INDEX IDX_TAB1
;
Error message
"506TEFMHSB.IDX_TAB1" is an undefined name.. SQLCODE=-204, SQLSTATE=42704, DRIVER=4.27.25
Not sure how I'm supposed to drop this, any help will be appreciated
Apparently this worked for some reason
DROP INDEX "506TEFMHSB".IDX_COGNOS_COMPLIANCE_DASHBOARD_DATA     ;
I'm not sure whether there was some issue with the fact that I used a newline between the end of the statement and the semicolon and the whitespace in between... but the issue is solved

Redshift Correlated Subquery within copy command

I am trying to query from a table within a COPY command; however, I have continually gotten errors. Here is the example SQL statement.
copy schema.table
from 's3://bucket/folder'
iam_role (select value from roles.iam where key = 'IAMRole');
The inner select statement on its own returns a value; however, when I run the above, I get the following error:
SQL Error [500310] [42601]: [Amazon](500310) Invalid operation: syntax error at or near "("
The COPY command, as you must suspect, does not support embedded SQL.
If you want to do something like this, you can, but you'll need a procedure.
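The procedure the answer refers to could look like this. It is an added example, not code from the original answer: the procedure name copy_with_role is hypothetical, and the table, bucket and roles.iam names are the placeholders from the question.

```sql
-- Added example: look up the role first, then run COPY as dynamic SQL.
CREATE OR REPLACE PROCEDURE copy_with_role()
AS $$
DECLARE
    role_arn VARCHAR(2048);
BEGIN
    -- The lookup that COPY itself cannot embed.
    SELECT INTO role_arn value FROM roles.iam WHERE key = 'IAMRole';

    -- Concatenating NULL would turn the whole statement into NULL,
    -- so fail with a clear message instead.
    IF role_arn IS NULL THEN
        RAISE EXCEPTION 'no IAMRole entry found in roles.iam';
    END IF;

    -- quote_literal() escapes the looked-up value, so whatever is stored in
    -- roles.iam stays inside the string literal and cannot alter the command.
    EXECUTE 'COPY schema.table FROM ''s3://bucket/folder'' IAM_ROLE '
            || quote_literal(role_arn);
END;
$$ LANGUAGE plpgsql;

CALL copy_with_role();
```

Anyone who can write to roles.iam now chooses the role that COPY assumes, so write access to that table should be limited accordingly.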

Continue sql statement after an error in postgresql database

I am working on a view; this is its SQL:
-- DROP VIEW bd_segment_id;
CREATE OR REPLACE VIEW bd_segment_id AS
SELECT final.gid,
row_number() OVER (ORDER BY final.gid) AS row_number,
degrees(st_azimuth(ff.sp, ff.ep) - 1.57079633::double precision) AS az_deg,
st_length(ff.st_makeline) AS st_length,
ff.st_makeline
FROM bd_segment_geom ff
JOIN final ON st_touches(ff.st_makeline, final.geom)
GROUP BY final.gid, ff.sp, ff.ep, ff.st_makeline;
ALTER TABLE bd_segment_id
OWNER TO postgres;
While running each query on this table, I get this error:
ERROR: GEOSTouches: TopologyException: side location conflict at 553655.77720000315 3474241.5185000021
********** Error **********
ERROR: GEOSTouches: TopologyException: side location conflict at 553655.77720000315 3474241.5185000021
SQL state: XX000
Is there any way for SQL to skip errors and continue with the rest of the SQL? I know the problem is an internal error, but I want SQL to jump over it.
I have searched and found section 39.6.6, Trapping Errors, which says how we can use an EXCEPTION clause, but I don't know how to write handler_statements that tell SQL to continue.
I need something like try/catch in C# or Java.
Can someone please help me with this problem?
Thank you
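One way to get try/catch behaviour for this view, as an added example that is not part of the original question: the EXCEPTION clause is placed in a small PL/pgSQL wrapper around st_touches. The function name safe_touches is hypothetical; table and column names are those of the question.

```sql
-- 1. Find the geometries GEOS cannot process, the usual cause of a
--    TopologyException (the same check applies to bd_segment_geom.st_makeline).
SELECT gid, ST_IsValidReason(geom)
FROM final
WHERE NOT ST_IsValid(geom);

-- 2. Hypothetical wrapper (safe_touches is not a PostGIS function):
--    the EXCEPTION clause plays the role of "catch".
CREATE OR REPLACE FUNCTION safe_touches(a geometry, b geometry)
RETURNS boolean AS $$
BEGIN
    RETURN st_touches(a, b);
EXCEPTION
    WHEN internal_error THEN      -- SQLSTATE XX000, as in the error above
        RAISE WARNING 'st_touches skipped a pair: %', SQLERRM;
        RETURN false;             -- treat the failing pair as "not touching"
END;
$$ LANGUAGE plpgsql;

-- 3. The view from the question, using the wrapper. The && bounding-box
--    test keeps the spatial index usable and limits how often the
--    wrapper has to run.
CREATE OR REPLACE VIEW bd_segment_id AS
SELECT final.gid,
       row_number() OVER (ORDER BY final.gid) AS row_number,
       degrees(st_azimuth(ff.sp, ff.ep) - 1.57079633::double precision) AS az_deg,
       st_length(ff.st_makeline) AS st_length,
       ff.st_makeline
FROM bd_segment_geom ff
JOIN final ON ff.st_makeline && final.geom
          AND safe_touches(ff.st_makeline, final.geom)
GROUP BY final.gid, ff.sp, ff.ep, ff.st_makeline;
```

Each call that enters a block with an EXCEPTION clause opens a subtransaction, so the wrapper is slower than a bare st_touches, and the rows it skips are reported only as warnings.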

Dreamfactory: Database connection to Postgres

First I set up DreamFactory with the "Bitnami Installer for Windows", following https://github.com/dreamfactorysoftware/dsp-core/wiki/Install-Microsoft-Windows
Then I followed add-a-rest-api-to-any-sql-db-in-minutes to add services to my remote Postgres database.
On the "API Docs" tab, calling the GET /db operation succeeds (getTables() - List all table names).
I got the following error when trying to call GET /db/{table_name} operation ( getRecordsByFilter() - Retrieve one or more records by using a filter).
Please help
[app][ERROR ] CDbCommand::fetchAll() failed: SQLSTATE[42601]: Syntax error: 7 ERROR: syntax error at or near "field_name"
LINE 1: SELECT k.column_name field_name
^. The SQL statement executed was: SELECT k.column_name field_name
FROM "information_schema"."key_column_usage" k
LEFT JOIN "information_schema"."table_constraints" c
ON k.table_name = c.table_name
AND k.constraint_name = c.constraint_name
WHERE c.constraint_type ='PRIMARY KEY'
AND k.table_name = :table
AND k.table_schema = :schema.
Please check the version of PostgreSQL you are connecting to. It turns out that omission of the AS keyword is supported starting from 8.4.
Here's a quote from 8.4 release notes section E.23.3.3. Queries:
Allow AS to be optional when specifying a SELECT (or RETURNING) column
output label (Hiroshi Saito)
This works so long as the column label is not any PostgreSQL keyword;
otherwise AS is still needed.
Therefore SELECT k.column_name field_name is not valid for 8.3 and below, but SELECT k.column_name AS field_name would work.
If PostgreSQL version is the cause of your problem you have several options:
update the database to 8.4 and above;
patch the Dreamfactory codebase yourself to work around this problem;
raise a ticket in Dreamfactory's bug tracker and wait for them to fix it for you.

SELECT pgr_nodeNetwork query fails

I am working on Windows, and have enabled the postgis and pgrouting extensions on the database. I have PostgreSQL 9.4 installed and I am using the data from the Boundless workshop (http://workshops.boundlessgeo.com/tutorial-routing/).
SELECT pgr_nodeNetwork('edges',0.001,'geom','gid','noded')
When I run this query, it runs for about 1 minute and after that time it results in FAIL. How can I solve this issue? My pgr_createTopology query has been successfully run.
NOTICE: PROCESSING:
NOTICE: pgr_nodeNetwork('edges',0.001,'geom','gid','noded')
NOTICE: Performing checks, pelase wait .....
NOTICE: Processing, pelase wait .....
ERROR: line_locate_point: 1st arg isnt a line
CONTEXT: SQL statement "create temp table inter_loc on commit drop as ( select * from (
(select l1id, l2id, st_linelocatepoint(line,source) as locus from intergeom)
union
(select l1id, l2id, st_linelocatepoint(line,target) as locus from intergeom)) as foo
where locus<>0 and locus<>1)"
PL/pgSQL function pgr_nodenetwork(text,double precision,text,text,text) line 184 at EXECUTE statement
********** Error **********
ERROR: line_locate_point: 1st arg isnt a line
SQL state: XX000
Context: SQL statement "create temp table inter_loc on commit drop as ( select * from (
(select l1id, l2id, st_linelocatepoint(line,source) as locus from intergeom)
union
(select l1id, l2id, st_linelocatepoint(line,target) as locus from intergeom)) as foo
where locus<>0 and locus<>1)"
PL/pgSQL function pgr_nodenetwork(text,double precision,text,text,text) line 184 at EXECUTE statement
I ran into this issue in my project and I was stuck on it for hours trying to figure out what was causing it AND how to fix it. I will describe my situation and how I fixed it so hopefully, it helps someone else in the future.
I am using ogr2ogr to import a Shapefile into my database and I was using the -nlt PROMOTE_TO_MULTI as one of my arguments during my import; this caused my geometries to be imported as MultiLineStrings.
From the behavior I've observed and what others have mentioned (and more people), the pgr_nodeNetwork() function does not play nicely with MultiLineStrings.
Since MultiLineStrings won't work for routing, I took the SQL from dkastl's answer and ran it on my data to see if I actually needed MultiLineStrings or if I could just work with LineStrings.
SELECT
COUNT(
CASE WHEN ST_NumGeometries(geom) > 1 THEN 1 END
) AS multi,
COUNT(geom) AS total
FROM network_nodes;
After running that, I found that I had zero need for MultiLineStrings so I reimported my Shapefile with ogr2ogr using -nlt LINESTRING instead and then was able to run pgr_nodeNetwork() without problems.