SQL injection using SubQuery Select in Insert Statement

StackOverflow https://stackoverflow.com/questions/19620957

Question

I'm learning about SQL injection, and I've come across an SQL query that looks like the following.

The SQL query looks like:

INSERT INTO documents (name, filename, mimetype, sessid) VALUES ("name", "filename", "mimetype", "sessid");

I want to do something like:

INSERT INTO documents (name, filename, mimetype, sessid) VALUES ((SELECT * FROM level8.documents), "filename", "mimetype", "sessid");

or even

INSERT INTO documents (name, filename, mimetype, sessid) VALUES ((SELECT * FROM level8.documents), "filename", "mimetype", "sessid");

When I run this I get error code: 1241. when I run this. What am I doing wrong?

Était-ce utile?

La solution

Your select statement returns more than 1 columns.

Try

INSERT INTO documents (name, filename, mimetype, sessid) 
VALUES ((SELECT GROUP_CONCAT(names of all your columns) FROM 
level8.documents), "filename", "mimetype", "sessid");

Read more about subquery errors here.

http://dev.mysql.com/doc/refman/5.6/en/subquery-errors.html

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top