search

Home  >  Q&A  >  body text

A sql injection error, can someone please solve it?

 1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CREATE TABLE `dc_addons_access`(

  `user_id` int(10) NOT NULL,

  `addon` varchar' at line 3



CREATE TABLE `dc_addons_access`(

  `user_id` int(10) NOT NULL,

  `addon` varchar(50) NOT NULL,

  `mpid` int(10) NOT NULL,

  `status` tinyint(1) DEFAULT NULL,

) ENGINE=InnoDB DEFAULT CHARSET=utf8;

这是注册数据库表的其中一个表 

冥冥之中天注定冥冥之中天注定2618 days ago1303

reply all(1)I'll reply

  • ringa_lee

    ringa_lee2017-09-27 15:20:51

    `status` tinyint(1) DEFAULT NULL,

    Remove the last comma

    reply
    0
  • 冥冥之中天注定

    That one was added after the error was reported. It couldn't be injected without a comma before, which is very annoying! Why don't you add me on QQ and I'll send you this SQL, and then you can register and take a look. I'm a newbie and I couldn't solve this problem all morning 1548 5266

    冥冥之中天注定 · 2017-09-27 15:23:42
    冥冥之中天注定

    This is a sql file to create a table. Even if the comma is removed, an error message will appear. Only one table can be registered, but a lot of the following tables cannot be registered. What is your QQ? Can I send you the sql file for you to take a look at?

    冥冥之中天注定 · 2017-09-27 19:31:24
    ringa_lee

    I ran your statement locally. As long as I removed the last comma (`status` tinyint(1) DEFAULT NULL), it ran successfully!

    ringa_lee · 2017-09-27 15:55:09
    ringa_lee

    You just need to put this statement in the Mysql command line to run it. There is no need to put it in a file.

    ringa_lee · 2017-09-27 21:56:34
  • Cancelreply