SQL syntax [message #21252] |
Fri, 19 July 2002 14:04 |
Robt
Messages: 2 Registered: July 2002
|
Junior Member |
|
|
Hello everyone!
I am trying to figure out a solution for the following SQL error. It seems this (/////) is causing a type of buffer overrun on my db.
===============
ODBC Error Code = 51 ()
[[MERANT]][[ODBC MySql driver]][[MySql]]You have an error in your SQL syntax near 's%' and description LIKE '% backbone%' ORD' at line 8
SQL = ""SELECT itemID, upcCode, description, artist1, artist2, artist3, directorProducer, nowPrice, year, price, nowFlag FROM WWITEM
WHERE description LIKE '%devil\\\''s%' and description LIKE '%backbone%' ORDER BY description""
Data Source = ""PRODUCTS""
===============
Thank you in advance for your cooperation.
Your pal
Robt
|
|
|
Re: SQL syntax [message #21254 is a reply to message #21252] |
Fri, 19 July 2002 14:54 |
Todd Barry
Messages: 4819 Registered: August 2001
|
Senior Member |
|
|
I would suggest posting in a MySQL forum. The syntax is valid with Oracle, but since you are using another database - the problem is either with MySQL or with the ODBC driver.
|
|
|
Re: SQL syntax [message #21256 is a reply to message #21252] |
Fri, 19 July 2002 15:12 |
Robt
Messages: 2 Registered: July 2002
|
Junior Member |
|
|
Todd
Thanks for replying.
Were the ///'s in the query valid?
I almost have a feeling that someone is trying to break my db?
Your pal,
Robt
|
|
|
Re: SQL syntax [message #21258 is a reply to message #21256] |
Fri, 19 July 2002 16:00 |
Todd Barry
Messages: 4819 Registered: August 2001
|
Senior Member |
|
|
I can only speak for Oracle, not MySQL, but the syntax is valid and would only find rows with a column value of:
Note that the double single quotes in the supplied string will resolve to a single quote.
Although that syntax is valid, I would doubt that you have any data that looks just like that.
|
|
|