Home > Q&A > body text

A sql injection error, can someone please solve it?

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CREATE TABLE `dc_addons_access`(

`user_id` int(10) NOT NULL,

`addon` varchar' at line 3

CREATE TABLE `dc_addons_access`(

`user_id` int(10) NOT NULL,

`addon` varchar(50) NOT NULL,

`mpid` int(10) NOT NULL,

`status` tinyint(1) DEFAULT NULL,

) ENGINE=InnoDB DEFAULT CHARSET=utf8;

这是注册数据库表的其中一个表

冥冥之中天注定2579 days ago1268

reply all(1)I'll reply

ringa_lee2017-09-27 15:20:51

`status` tinyint(1) DEFAULT NULL,

Remove the last comma

That one was added after the error was reported. It couldn't be injected without a comma before, which is very annoying! Why don't you add me on QQ and I'll send you this SQL, and then you can register and take a look. I'm a newbie and I couldn't solve this problem all morning 1548 5266

— 冥冥之中天注定 · 2017-09-27 15:23:42

This is a sql file to create a table. Even if the comma is removed, an error message will appear. Only one table can be registered, but a lot of the following tables cannot be registered. What is your QQ? Can I send you the sql file for you to take a look at?

— 冥冥之中天注定 · 2017-09-27 19:31:24

I ran your statement locally. As long as I removed the last comma (`status` tinyint(1) DEFAULT NULL), it ran successfully!

— ringa_lee · 2017-09-27 15:55:09

You just need to put this statement in the Mysql command line to run it. There is no need to put it in a file.

— ringa_lee · 2017-09-27 21:56:34

Cancelreply