Break from the SQL Injection thread.... weird SQL error

2008-08-08 Thread Scott Stewart
[Macromedia][SQLServer JDBC Driver][SQLServer]Line 28: Incorrect syntax 
near '@P10'.

I haven't the foggiest idea what's going on here.

Here's the passed in params from the Java trace:

(param 1) = [type='IN', class='java.lang.String', value='Elmer', 
sqltype='cf_sql_varchar'] ,
(param 2) = [type='IN', class='java.lang.String', value='J', 
sqltype='cf_sql_varchar'] ,
(param 3) = [type='IN', class='java.lang.String', value='Fudd', 
sqltype='cf_sql_varchar'] ,
(param 4) = [type='IN', class='java.lang.String', value='0', 
sqltype='cf_sql_varchar'] ,
(param 5) = [type='IN', class='java.lang.String', value='0', 
sqltype='cf_sql_varchar'] ,
(param 6) = [type='IN', class='java.lang.String', value='0', 
sqltype='cf_sql_varchar'] ,
(param 7) = [type='IN', class='java.lang.String', 
value='[EMAIL PROTECTED]', sqltype='cf_sql_varchar'] ,
(param 8) = [type='IN', class='java.lang.String', value='703-555-1212', 
sqltype='cf_sql_varchar'] ,
(param 9) = [type='IN', class='java.lang.String', value='3120', 
sqltype='cf_sql_varchar'] ,
(param 10) = [type='IN', class='java.lang.String', value='Academic 
Advising', sqltype='cf_sql_varchar'] ,
(param 11) = [type='IN', class='java.lang.Boolean', value='false', 
sqltype='CF_SQL_BIT'] ,
(param 12) = [type='IN', class='java.lang.Boolean', value='false', 
sqltype='CF_SQL_BIT'] ,
(param 13) = [type='IN', class='java.lang.String', value='Web', 
sqltype='cf_sql_varchar'] ,
(param 14) = [type='IN', class='java.lang.Boolean', value='true', 
sqltype='CF_SQL_BIT'] ,
(param 15) = [type='IN', value='null', sqltype='CF_SQL_DATE'] ,
(param 16) = [type='IN', class='java.lang.String', value='{d 
'2008-08-08'}', sqltype='CF_SQL_DATE']

It's just a simple insert, and everything lines up (I think)

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310567
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


RE: Break from the SQL Injection thread.... weird SQL error

2008-08-08 Thread Mosh Teitelbaum
Scott:

That error usually indicates an error with the query itself, not necessarily
an error with the value passed in.  For example, you may be missing a comma
after the 10th parameter (i.e., the 10th cfqueryparam).  Send the SQL code
from the debug info and let's see what we can do.

--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
WWW: http://www.evoch.com/


 -Original Message-
 From: Scott Stewart [mailto:[EMAIL PROTECTED]
 Sent: Friday, August 08, 2008 4:04 PM
 To: CF-Talk
 Subject: Break from the SQL Injection thread weird SQL error
 
 [Macromedia][SQLServer JDBC Driver][SQLServer]Line 28: Incorrect syntax
 near '@P10'.
 
 I haven't the foggiest idea what's going on here.
 
 here's the passed in params from the java trace:
 
 (param 1) = [type='IN', class='java.lang.String', value='Elmer',
 sqltype='cf_sql_varchar'] ,
 (param 2) = [type='IN', class='java.lang.String', value='J',
 sqltype='cf_sql_varchar'] ,
 (param 3) = [type='IN', class='java.lang.String', value='Fudd',
 sqltype='cf_sql_varchar'] ,
 (param 4) = [type='IN', class='java.lang.String', value='0',
 sqltype='cf_sql_varchar'] ,
 (param 5) = [type='IN', class='java.lang.String', value='0',
 sqltype='cf_sql_varchar'] ,
 (param 6) = [type='IN', class='java.lang.String', value='0',
 sqltype='cf_sql_varchar'] ,
 (param 7) = [type='IN', class='java.lang.String',
 value='[EMAIL PROTECTED]', sqltype='cf_sql_varchar'] ,
 (param 8) = [type='IN', class='java.lang.String', value='703-555-1212',
 sqltype='cf_sql_varchar'] ,
 (param 9) = [type='IN', class='java.lang.String', value='3120',
 sqltype='cf_sql_varchar'] ,
 (param 10) = [type='IN', class='java.lang.String', value='Academic
 Advising', sqltype='cf_sql_varchar'] ,
 (param 11) = [type='IN', class='java.lang.Boolean', value='false',
 sqltype='CF_SQL_BIT'] ,
 (param 12) = [type='IN', class='java.lang.Boolean', value='false',
 sqltype='CF_SQL_BIT'] ,
 (param 13) = [type='IN', class='java.lang.String', value='Web',
 sqltype='cf_sql_varchar'] ,
 (param 14) = [type='IN', class='java.lang.Boolean', value='true',
 sqltype='CF_SQL_BIT'] ,
 (param 15) = [type='IN', value='null', sqltype='CF_SQL_DATE'] ,
 (param 16) = [type='IN', class='java.lang.String', value='{d
 '2008-08-08'}', sqltype='CF_SQL_DATE']
 
 It's just a simple insert, and everything lines up (I think)
 
 


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310574
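
A way to check the diagnosis in the reply above, as an added example that is not code from the thread: it scans the prepared statement text (with `?` placeholders, as it goes to the driver) and reports any placeholder that directly follows another value with no comma or operator in between, named in the `@P<n>` form of the error message. The table and column names are hypothetical, the sample SQL is constructed, and 1-based numbering follows the reply's reading that `@P10` is the 10th cfqueryparam.

```python
import re

# Tokens: quoted strings, ? placeholders, words, numbers, any other symbol.
TOKEN = re.compile(r"'(?:[^']|'')*'|\?|[A-Za-z_][\w.]*|\d+|\S")

def is_value(tok):
    """True for tokens that end an expression: placeholder, literal or ')'."""
    return tok in ("?", ")") or tok[0] == "'" or tok[0].isdigit()

def find_unseparated_params(sql, base=1):
    """Return (name, line) for each ? that directly follows another value.

    name uses the @P<n> form seen in the driver error; base=1 is an
    assumption taken from the reply (@P10 = 10th placeholder).
    """
    findings = []
    prev = None
    n = base - 1
    for m in TOKEN.finditer(sql):
        tok = m.group()
        if tok == "?":
            n += 1
            if prev is not None and is_value(prev):
                line = sql.count("\n", 0, m.start()) + 1
                findings.append((f"@P{n}", line))
        prev = tok
    return findings

# Constructed sample: 12 placeholders, comma missing after the 9th.
BROKEN_SQL = """INSERT INTO demo_contacts
    (c1, c2, c3, c4, c5, c6, c7, c8, c9, c10, c11, c12)
VALUES (
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?,
    ?
    ?,
    ?,
    ?
)"""
# Same statement with the separator restored.
FIXED_SQL = BROKEN_SQL.replace("?\n    ?,", "?,\n    ?,", 1)

if __name__ == "__main__":
    print("broken:", find_unseparated_params(BROKEN_SQL))
    print("fixed: ", find_unseparated_params(FIXED_SQL))
```

The scanner does not handle SQL comments, so strip them from the statement before checking it.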