November 3, 2009 at 2:49 am
need help with a error
2009-11-02 23:39:58 DBWrite::LogGame: err=-1, query=EXEC usp_Insert_Action_Log_E 'wannatryme',2,203,'2-pac', 60,1405399****19, 614.520020,7.560000,1857.880005, '2009-11-02 23:39:58' ,113, 27937732585021112***100121,NULL,1,NULL,NULL,NULL,N ULL,NULL,NULL,'Heliy's Competence Lv1','PointItem','0,0,0,0,0,0','2009-11-02 23:39:58'
2009-11-02 23:40:00 err=-1, [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near 's'., SQL STATE: 42000, NATIVE ERROR: 102 (0x66)
2009-11-02 23:40:00 DBWrite::LogGame: err=-1, query=EXEC usp_Insert_Action_Log_E 'wannatryme',2,203,'2-pac', 60,1405399****19, 614.520020,7.560000,1857.880005, '2009-11-02 23:40:00' ,113, 2793773284271915008,100118,NULL,1,NULL,NULL,NULL,N ULL,NULL,NULL,'Ritter's Power Lv1','PointItem','0,0,0,0,0,0','2009-11-02 23:40:00'
2009-11-02 23:42:52 err=-1, [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near 's'., SQL STATE: 42000, NATIVE ERROR: 102 (0x66)
2009-11-02 23:42:52 DBWrite::LogGame: err=-1, query=EXEC usp_Insert_Action_Log_E 'wannatryme',2,203,'2-pac', 60,1405399****19, 614.520020,7.560000,1857.880005, '2009-11-02 23:42:52' ,113, 2793774048776224768,100124,NULL,1,NULL,NULL,NULL,N ULL,NULL,NULL,'Apostel's Ability Lv1','PointItem','0,0,0,0,0,0','2009-11-02 23:42:52'
2009-11-02 23:48:04 err=-1, [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near 's'., SQL STATE: 42000, NATIVE ERROR: 102 (0x66)
2009-11-02 23:48:04 DBWrite::LogGame: err=-1, query=EXEC usp_Insert_Action_Log_E 'Xx.BurmeseG.xX',22,204,'Anti-Virus', 60,1405399****19, 267.672852,0.259726,1013.934692, '2009-11-02 23:48:04' ,117, 2793174252298240000,7136,0,NULL,NULL,NULL,NULL,NUL L,NULL,NULL,'Kazee's Teeth ','','0,0,0,0,0,0-2009-11-01 21:36:47','bag=1,slot=6'
2009-11-02 23:49:00 err=-1, [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near 's'., SQL STATE: 42000, NATIVE ERROR: 102 (0x66)
2009-11-02 23:49:00 DBWrite::LogGame: err=-1, query=EXEC usp_Insert_Action_Log_E 'Xx.BurmeseG.xX',22,204,'Anti-Virus', 60,1405399****19, 269.786530,0.164816,1014.351868, '2009-11-02 23:49:00' ,118, 2793174252298240000,7136,204,NULL,NULL,NULL,NULL,N ULL,NULL,NULL,'Kazee's Teeth ','Anti-Virus','0,0,0,0,0,0','2009-11-01 21:36:47'
can somone help me with that many thnx :-):-)
November 3, 2009 at 2:58 am
Where is the query?
-Vikas Bindra
November 3, 2009 at 2:59 am
simple enough error, the values that you are trying to insert, have a quote inside. you need to replace the quote with two quotes. although there are other ways of fixing it.
this is one of the errors.
'Heliy's Competence Lv1'
and it might look like you have numeric values which are too big, which is indicated by the ******
--------------------------------------------------------------------------------------
[highlight]Recommended Articles on How to help us help you and[/highlight]
[highlight]solve commonly asked questions[/highlight]
Forum Etiquette: How to post data/code on a forum to get the best help by Jeff Moden[/url]
Managing Transaction Logs by Gail Shaw[/url]
How to post Performance problems by Gail Shaw[/url]
Help, my database is corrupt. Now what? by Gail Shaw[/url]
November 3, 2009 at 3:01 am
Hi
It's a typical SQL injection bug. You cannot insert "Heliy's Competence Lv1" without masking the ' . Do not generate dynamic SQL statements containing values by concatenating strings. If you work with .NET or Java the frameworks support using parameters which are made to make these kinds of bugs impossible.
Greets
Flo
Edit: Dang! I'm too slow...
November 3, 2009 at 3:07 am
It looks that you have few places with an apostrophe in the string (for example one of your parameters in the first error that you get is 'Heliy's Competence'). This leads to an error because the apostrophe in the middle of the string marks the end of the string, but the string continues. If you have an apostrophe in the middle of the string, you have to use 2 apostrophes instead of one. Instead of using the value 'Heliy’s Competence', use the value 'Heliy''s Competence'.
Adi
--------------------------------------------------------------
To know how to ask questions and increase the chances of getting asnwers:
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
November 3, 2009 at 3:11 am
Adi Cohn-120898 (11/3/2009)
It looks that you have few places with an apostrophe in the string (for example one of your parameters in the first error that you get is 'Heliy's Competence'). This leads to an error because the apostrophe in the middle of the string marks the end of the string, but the string continues. If you have an apostrophe in the middle of the string, you have to use 2 apostrophes instead of one. Instead of using the value 'Heliy’s Competence', use the value 'Heliy''s Competence'.Adi
So i only need to do is change 'Heliy's Competence', to 'Heliy"s Competence',?
November 3, 2009 at 3:14 am
lamin.mha (11/3/2009)
Adi Cohn-120898 (11/3/2009)
It looks that you have few places with an apostrophe in the string (for example one of your parameters in the first error that you get is 'Heliy's Competence'). This leads to an error because the apostrophe in the middle of the string marks the end of the string, but the string continues. If you have an apostrophe in the middle of the string, you have to use 2 apostrophes instead of one. Instead of using the value 'Heliy’s Competence', use the value 'Heliy''s Competence'.Adi
So i only need to do is change 'Heliy's Competence', to 'Heliy"s Competence',?
It looks that way. Just give it a try.
Adi
--------------------------------------------------------------
To know how to ask questions and increase the chances of getting asnwers:
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
November 3, 2009 at 3:16 am
Adi Cohn-120898 (11/3/2009)
lamin.mha (11/3/2009)
Adi Cohn-120898 (11/3/2009)
It looks that you have few places with an apostrophe in the string (for example one of your parameters in the first error that you get is 'Heliy's Competence'). This leads to an error because the apostrophe in the middle of the string marks the end of the string, but the string continues. If you have an apostrophe in the middle of the string, you have to use 2 apostrophes instead of one. Instead of using the value 'Heliy’s Competence', use the value 'Heliy''s Competence'.Adi
So i only need to do is change 'Heliy's Competence', to 'Heliy"s Competence',?
It looks that way. Just give it a try.
Adi
kk ill try when i come home... 🙂 thx alot guys who answered my question (sorry for my eng). I really mean i hope its work 🙂
November 3, 2009 at 2:03 pm
guys i have new problem..can u guys help me again?
2009-11-03 02:16:47 err=-1, [Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near 's'., SQL STATE: 42000, NATIVE ERROR: 102 (0x66)
2009-11-03 02:16:47 DBWrite::LogGame: err=-1, query=EXEC usp_Insert_Action_Log_E 'masterwulf',82,215,'EdnaMaeGean', 2,498,1, 1702.140625,38.937874,1752.825195, '2009-11-03 02:16:47' ,111, 2793960373047328768,15108,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
November 3, 2009 at 2:23 pm
As I told you, get rid of dynamic statements with values. And by the way, you should move away from ODBC if possible (if you work with Java or .NET, there are better data provider).
Anyway, the posted statement is not complete, because it ends with a comma. There must be more
Greets
Flo
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply