I have a query built using Query Manager that contains a union. I have a prompt for PAY_END_DT that I would like to use in both queries in the union.
When I click the View SQL tab, I can see that each of the queries references the prompt.
AND A.PAY_END_DT = :1
AND C.PAY_END_DT = :1
When I copy the query into SQL Studio and replace the prompt with a date, I get the results I expect. However, when I run the query in PeopleSoft, it errors out.
Checking the log, I see that the prompt in the second query has been changed to :2 (I do not have a second prompt). I have tried changing the criteria in the second
query to an expression, and entering :1, but this too, gets changed to :2. Does anyone have any ideas how to use the one prompt in both queries?
PeopleSoft 8.9
Tools 8.50
SQL Server 2012
Thanks!
I can't reproduce your problem in 8.53 but what you could consider as a workaround is to place your query without the PAY_END_DT prompt clauses into a view in Application Designer, build this view, add it to the query security and then use it in Query Manager with one prompt for PAY_END_DT.
try changing from:
AND A.PAY_END_DT = :1
and AND C.PAY_END_DT = :1
to:
AND A.PAY_END_DT = :1
and AND C.PAY_END_DT = A.PAY_END_DT
Related
I've been attempting to increase my knowledge and trying out some challenges. I've been going at this for a solid two weeks now finished most of the challenge but this one part remains. The error is shown below, what am i not understanding?
Error in sqlite query: update users set last_browser= 'mozilla' + select sql from sqlite_master'', last_time= '13-04-2019' where id = '14'
edited for clarity:
I'm trying a CTF challenge and I'm completely new to this kind of thing so I'm learning as I go. There is a login page with test credentials we can use for obtaining many of the flags. I have obtained most of the flags and this is the last one that remains.
After I login on the webapp with the provided test credentials, the following messages appear: this link
The question for the flag is "What value is hidden in the database table secret?"
So from the previous image, I have attempted to use sql injection to obtain value. This is done by using burp suite and attempting to inject through the user-agent.
I have gone through trying to use many variants of the injection attempt shown above. Im struggling to find out where I am going wrong, especially since the second single-quote is added automatically in the query. I've gone through the sqlite documentation and examples of sql injection, but I cannot sem to understand what I am doing wrong or how to get that to work.
A subquery such as select sql from sqlite_master should be enclosed in brackets.
So you'd want
update user set last_browser= 'mozilla' + (select sql from sqlite_master''), last_time= '13-04-2019' where id = '14';
Although I don't think that will achieve what you want, which isn't clear. A simple test results in :-
You may want a concatenation of the strings, so instead of + use ||. e.g.
update user set last_browser= 'mozilla' || (select sql from sqlite_master''), last_time= '13-04-2019' where id = '14';
In which case you'd get something like :-
Thanks for everyone's input, I've worked this out.
The sql query was set up like this:
update users set last_browser= '$user-agent', last_time= '$current_date' where id = '$id_of_user'
edited user-agent with burp suite to be:
Mozilla', last_browser=(select sql from sqlite_master where type='table' limit 0,1), last_time='13-04-2019
Iterated with that found all tables and columns and flags. Rather time consuming but could not find a way to optimise.
Chrome's Developer Tools have a handy prompt on the Resources page where I can execute SQL on my actual WebSQL database. But if the SQL is parameterised like this:
select * from SomeTable where ImportantField = ?
I get a message like this:
Number of '?'s in statement string does not match argument count
I know this is a SQLite message, but I don't see an obvious way to supply the arguments in Chrome Dev Tools. Is it possible?
You are not possibly trying to execute that SQL as-is on the prompt, are you ?
If yes, then obviously you are wrong.
why do you care about ? when you are executing your SQL on console, why not simply use the value.
select * from SomeTable where ImportantField = 'yourValue'
When using SSDT what I miss most is the ability to script the select statement of the top x rows like in SSMS.
Does anyone know if it's possible to turn that on somehow by an powertool or extension that enables the "Script As" functionality in SSDT?
You can right-click a database in the SQL Server Object Explorer (part of SSDT) and choose "New Query..." to get a query window. From there you can write and execute any query you like.
I've also got Redgate's SQL Prompt installed (I work for them), so typing "st100" gets me a top X query quickly -- the built-in intellisense may have something similar.
I am a newb to Oracle. I used to use SQL Plus, and use set serveroutput on to see the results. However, when I started using Oracle Developer, my queries would run, however, I was not able to see the console or the results:
select *
from customer;
I assume that you mean "Oracle SQL Developer" application.
If yes, the in SQL Developer click on View option, then select Dbms output
DBMS Output window (panel) should appear somewhere on the screen.
Then, click on green plus sing in the DBMS-Output panel, and select a session you want to spy.
I have a question on creating running totals in MS Access 2010 similar to the one here:
Access 2010 - query showing running total for multiple records, dropping old record and adding new record on each line
However when I input the equivalent code from that thread I get an error saying that the database cannot be found (Access seems to think the table I have specified is the database name)
Here is the code from the original thread:-
SELECT hbep1.EmployeeID, hbep1.PayPeriodID,
(
SELECT Sum(hbep2.HoursUsed)
FROM Hours_by_Empl_PP hbep2
WHERE hbep2.EmployeeID=hbep1.EmployeeID
AND (hbep2.PayPeriodID Between hbep1.[PayPeriodID]-3
And hbep1.[PayPeriodID])
) AS Sum_of_Hours_last_4_PPs
FROM Hours_by_Empl_PP hbep1;
Here is the code I inputted into my query:-
SELECT
V4_Try.ID_NIS_INV_HDR,
V4_Try.ID_ITM,
V4_Try.RunTot3,
V4_Try.BomVsActQty,
DMin("RunTot3","V4_Try","[ID_Itm]=" & [ID_ITM]) AS IDItmMin,
DMax("RunTot3","V4_Try","[ID_Itm]=" & [ID_ITM]) AS IDItmMax,
(
SELECT Sum([V4_Try].[BomVsActQty])
FROM [V4_Try].[BomVsActQty]
WHERE [V4_Try].[ID_ITM]=[V4_Try].[ID_ITM]
AND (IDItmMax < IDItmMin)
) AS RunTot6
FROM V4_Try
ORDER BY V4_Try.ID_ITM, V4_Try.RunTot3;
One thing I notice is that the main query uses DMax() and DMin() to create some aliased columns
...
DMin("RunTot3","V4_Try","[ID_Itm]=" & [ID_ITM]) AS IDItmMin,
DMax("RunTot3","V4_Try","[ID_Itm]=" & [ID_ITM]) AS IDItmMax,
...
and then the subquery tries to use those aliases in its WHERE clause
(
SELECT ...
WHERE...
AND (IDItmMax < IDItmMin)
) AS RunTot6
I'm pretty sure that the subquery will have no knowledge of the column aliases in the "parent" query, so they may be the items that are unrecognized.
Start by running this query:
SELECT * FROM V4_Try;
Then develop for complexity. Build the nested query before anything else. When you know that runs, try adding your aliases, then the DMax() function, and so on. Isolate the point at which you have an error popping up.
This is the process to fix a query.
Oh, and please specify the precise error that is raised by Access. Also, if this is being run from VBA, please let us know because that affects your trouble-shooting.