Gary,
you've mentioned that the user would have had access to the sysobjects
Let's assume he did. The page that this attempt occurred is hard-wired
to display a single record in detail view. In the code, I have a bunch
of echo $row- wrote:
> On 13/02/2012 21:48, Haluk Karamete wrote:
>>
>> My l
sorry, i overlooked that this IS a mysql mailing-list and we are
running ms-sql in this particular case. good catch...
I'd appreciate any insight though.
On Mon, Feb 13, 2012 at 1:56 PM, Gary Smith wrote:
> On 13/02/2012 21:48, Haluk Karamete wrote:
>>
>> My logs shows that we have tried with a
On 13/02/2012 21:48, Haluk Karamete wrote:
My logs shows that we have tried with a SQL Injection attempt, but
our engine has detected and avoided it but I am just curious, what are
these SQL statements are intending to achieve?
SELECT * FROM lecturer WHERE recID='25 ' and exists (select * fro
My logs shows that we have tried with a SQL Injection attempt, but
our engine has detected and avoided it but I am just curious, what are
these SQL statements are intending to achieve?
SELECT * FROM lecturer WHERE recID='25 ' and exists (select * from
sysobjects) and ''='' ORDER BY EntryDate DES
Rik,
Your Crystal Ball was right! How did I miss that? You get the brownie point for
the day. Thanks!
I knew it wasn't version discrepancy because workbench ssh's into the DB, and
the script does as well, so it is running it on the native client in both
cases. My sysadmin was saying it was ver
> When I run this query in workbench:
> select c.acc_number 'Accession Number', e.DateExam 'MBI Exam Date',
> s.ExamDate 'SJH Exam Date' from chestcon_log c
> left join exams e on CONCAT("000",c.acc_number) = e.LastWordAccNum
> left join sjhreports_ s on c.acc_number = s.AccessionNumber
> WHERE
> c
On 2/13/2012 10:18 AM, James W. McNeely wrote:
When I run this query in workbench:
select c.acc_number 'Accession Number', e.DateExam 'MBI Exam Date', s.ExamDate
'SJH Exam Date'
from chestcon_log c
left join exams e on CONCAT("000",c.acc_number) = e.LastWordAccNum
left join sjhreports_ s on c.ac
Hi,
As you can see in my query, % is not in the beginning. Once again, it is :
select * from DataIndex where (searchKey like 'A%') order by searchKey limit 10
where searchKey has a btree on it.
As Peter was saying, percent in the beginning does a full table scan
as expected.
Thanks.
On Mon, Fe
