
syntax sql insert mysql problem



Navicat ... nice tool.
I will buy it, I hope, this year, but for now I have other products on my shopping list.

 

Signature beginning:
Please remember: "AutoIt"..... *  Wondering who uses AutoIt and what it can be used for ? * Forum Rules *
ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Codefor other useful stuff click the following button:

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 *

 

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskSchedulerIE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related:How to get reference to PDF object embeded in IE * IE on Windows 11

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

I also encourage you to check awesome @trancexx code:  * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuffOnHungApp handlerAvoid "AutoIt Error" message box in unknown errors  * HTML editor

winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2023-04-24


Yeah, it is simple and friendly :D I like it so much. I think the MySQL client by Oracle is just too complicated, but I think after 2 or 3 steps it is much better :D, but for me it is perfect :)

 

 


MS SQL Management Studio
and
MySQL Workbench
and
SQLite Explorer

and of course AutoIt+ADO.au3 UDF :)

 

 


I have a little problem :D with insert and update

I have a part of the script like this

If $CC_ANAG = 1 Then
        Local $sOPA_ragion_social = "'" & GUICtrlRead($ANAC_Input1) & "', "
        Local $sOPA_Cognome = "'" & GUICtrlRead($ANAC_Input2) & "', "
        Local $sOPA_via = "'" & GUICtrlRead($ANAC_Input3) & "', "
        Local $sOPA_citta = "'" & GUICtrlRead($ANAC_Input4) & "', "
        Local $sOPA_provincia = "'" & GUICtrlRead($ANAC_Input5) & "', "
        Local $sOPA_stato = "'" & GUICtrlRead($ANAC_Input6) & "', "
        Local $sOPA_mail = "'" & GUICtrlRead($ANAC_Input23) & "', "
        Local $sOPA_cell = "'" & GUICtrlRead($ANAC_Input10) & "', "
        Local $sOPA_piva = "'" & GUICtrlRead($ANAC_Input7) & "', "
        Local $sOPA_codfi = "'" & GUICtrlRead($ANAC_Input8) & "', "
        Local $sOPA_tel = "'" & GUICtrlRead($ANAC_Input9) & "', "
        Local $sOPA_cap = "'" & GUICtrlRead($ANAC_Input11) & "'"

        Local $sSLA_ragion_social = "'" & GUICtrlRead($ANAC_Input12) & "', "
        Local $sSLA_Cognome = "'" & GUICtrlRead($ANAC_Input13) & "', "
        Local $sSLA_via = "'" & GUICtrlRead($ANAC_Input14) & "', "
        Local $sSLA_citta = "'" & GUICtrlRead($ANAC_Input15) & "', "
        Local $sSLA_provincia = "'" & GUICtrlRead($ANAC_Input16) & "', "
        Local $sSLA_stato = "'" & GUICtrlRead($ANAC_Input17) & "', "
        Local $sSLA_mail = "'" & GUICtrlRead($ANAC_Input24) & "', "
        Local $sSLA_cell = "'" & GUICtrlRead($ANAC_Input21) & "', "
        Local $sSLA_piva = "'" & GUICtrlRead($ANAC_Input18) & "', "
        Local $sSLA_codfi = "'" & GUICtrlRead($ANAC_Input19) & "', "
        Local $sSLA_tel = "'" & GUICtrlRead($ANAC_Input20) & "', "
        Local $sSLA_cap = "'" & GUICtrlRead($ANAC_Input22) & "'"

        If $ANAC_Control_click_carica = 0 Then
            Local $syntax = "INSERT INTO ge_anagrafica_clienti (sop_ragion_social,sop_cognome,sop_via,sop_citta,sop_prov,sop_stato,sop_mail,sop_cell,sop_piva,sop_codfi,sop_tel,sop_cap,sl_ragion_social,sl_cognome,sl_via,sl_citta,sl_prov,sl_stato,sl_mail,sl_cell,sl_piva,sl_codfi,sl_tel,sl_cap)" & _
                    " VALUES (" & $sOPA_ragion_social & $sOPA_Cognome & $sOPA_via & $sOPA_citta & $sOPA_provincia & $sOPA_stato & $sOPA_mail & $sOPA_cell & $sOPA_piva & $sOPA_codfi & $sOPA_tel & $sOPA_cap & $sSLA_ragion_social & $sSLA_Cognome & $sSLA_via & $sSLA_citta & $sSLA_provincia & $sSLA_stato & $sSLA_mail & $sSLA_cell & $sSLA_piva & $sSLA_codfi & $sSLA_tel & $sSLA_cap & ")"

            Local $queryde = _Mysql_Query($syntax)
            If @error Then
                SetError(@error, @extended, $ADO_RET_FAILURE)
            EndIf
        Else
            Local $syntax = "UPDATE ge_anagrafica_clienti SET sop_ragion_social=" & $sOPA_ragion_social & _
                "sop_cognome=" & $sOPA_Cognome & _
                "sop_via=" & $sOPA_via & _
                "sop_citta=" & $sOPA_citta & _
                "sop_prov=" & $sOPA_provincia & _
                "sop_stato=" & $sOPA_stato & _
                "sop_mail=" & $sOPA_mail & _
                "sop_cell=" & $sOPA_cell & _
                "sop_piva=" & $sOPA_piva & _
                "sop_codfi=" & $sOPA_codfi & _
                "sop_tel=" & $sOPA_tel & _
                "sop_cap=" & $sOPA_cap & _
                "sl_ragion_social=" & $sSLA_ragion_social & _
                "sl_cognome=" & $sSLA_Cognome & _
                "sl_via=" & $sSLA_via & _
                "sl_citta=" & $sSLA_citta & _
                "sl_prov=" & $sSLA_provincia & _
                "sl_stato=" & $sSLA_stato & _
                "sl_mail=" & $sSLA_mail & _
                "sl_cell=" & $sSLA_cell & _
                "sl_piva=" & $sSLA_piva & _
                "sl_codfi=" & $sSLA_codfi & _
                "sl_tel=" & $sSLA_tel & _
                "sl_cap=" & $sSLA_cap & _
                "WHERE id=" & $ANAC_Control_click_carica

            Local $queryde = _Mysql_Query($syntax)
            If @error Then
                SetError(@error, @extended, $ADO_RET_FAILURE)
            EndIf
        EndIf
    EndIf
    GUICtrlDelete($ANAC_List1)
    _listwiev_anagrafica_clienti()

When the update runs, it gives me this error

###############################
ADO.au3 v.2.1.13 BETA (1155) : ==> COM Error intercepted !
$oADO_Error.description is:     [MySQL][ODBC 5.3(w) Driver][mysqld-5.6.28]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sl_ragion_social='stefano', sl_cognome='cerbioni', sl_via='Fucecchio', sl_citta=' at line 1
$oADO_Error.windescription:     Exception occurred.

$oADO_Error.number is:     80020009
$oADO_Error.lastdllerror is:     0
$oADO_Error.scriptline is:     1155
$oADO_Error.source is:     Microsoft OLE DB Provider for ODBC Drivers
$oADO_Error.helpfile is:     
$oADO_Error.helpcontext is:     0
###############################
 

and when the insert runs, I have this

 

###############################
ADO.au3 v.2.1.13 BETA (1155) : ==> COM Error intercepted !
$oADO_Error.description is:     [MySQL][ODBC 5.3(w) Driver][mysqld-5.6.28]Column count doesn't match value count at row 1
$oADO_Error.windescription:     Exception occurred.

$oADO_Error.number is:     80020009
$oADO_Error.lastdllerror is:     0
$oADO_Error.scriptline is:     1155
$oADO_Error.source is:     Microsoft OLE DB Provider for ODBC Drivers
$oADO_Error.helpfile is:     
$oADO_Error.helpcontext is:     0
###############################
+>00:41:30 AutoIt3.exe ended.rc:0
+>00:41:30 AutoIt3Wrapper Finished.
>Exit code: 0    Time: 19.07

 

 


You should always escape possible single quotes in text values. To see why, look at what the following statement looks like when it's received by the engine:

Local $name = "O'Connor"
Local $sql = "insert into mytable (name) values ('" & $name & "');"
ConsoleWrite($sql & @LF)
; compare to this
$sql =  "insert into mytable (name) values ('" & SQLesc($name) & "');"
ConsoleWrite($sql & @LF)

Func SQLesc($s)
    Return StringReplace($s, "'", "''")
EndFunc

This can cause the first error you cite.

The second error kind can easily be simulated:

Local $name = "O','Connor"
Local $sql = "insert into mytable (name) values ('" & $name & "');"
ConsoleWrite($sql & @LF)
; compare to this
$sql =  "insert into mytable (name) values ('" & SQLesc($name) & "');"
ConsoleWrite($sql & @LF)

Func SQLesc($s)
    Return StringReplace($s, "'", "''")
EndFunc

Not escaping strings carefully opens the door to spurious runtime errors as shown above and, more worrisome, SQL injection attacks.

This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)


Oops, I typed a note on this missing comma but it got deleted somehow under my feet when I inserted the rest of my post.

So yes you had a missing comma in this case, yet you still aren't safe by not escaping strings as the rest of my post demonstrates.


I don't understand your example so much

I understand the problem of SQL injection, but is the first or the second better??

Example:

insert into mytable (name) values ('O','Connor');
insert into mytable (name) values ('O'',''Connor');

I use what the SQL book tells, I think :)

 


The first line is invalid SQL: due to the string viciously containing O','Connor, the values part now ends up being two values. Imagine if the user types the following instead: OConnor');drop table mytable;--

Then the SQL statement would be turned into not less than 3 valid statements, blue, red and green:

insert into mytable (name) values ('OConnor');drop table mytable;--');

The only safe way is to escape all single quotes (double them) in input strings, just like my example SQLesc() function. Always!

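An added example, not code from the thread or from ADO.au3, covering both points raised above: a loop places the commas and `?` placeholders, so the missing-comma error from the question cannot occur, and the values are bound as ADODB.Command parameters, so quotes in input never become part of the SQL text. `_BuildInsertSQL`, `_InsertRow`, `_DemoThreadInputs` and `$oConn` (an already open ADODB.Connection) are hypothetical names, and it assumes the ODBC driver accepts `?` parameter markers.

```autoit
; Added example, not code from the thread or from ADO.au3.
; Assumption: $oConn is an already open ADODB.Connection to the MySQL ODBC source.
Global Const $adCmdText = 1, $adParamInput = 1, $adVarWChar = 202 ; standard ADO enum values

; Build "INSERT INTO t (a,b) VALUES (?,?)". The loop places every comma, so a
; separator cannot go missing between two values as it did in the question.
; Table and column names must be constants from your own code, never user input.
Func _BuildInsertSQL($sTable, Const ByRef $aCols)
    Local $sCols = "", $sMarks = ""
    For $i = 0 To UBound($aCols) - 1
        If $i > 0 Then
            $sCols &= ","
            $sMarks &= ","
        EndIf
        $sCols &= $aCols[$i]
        $sMarks &= "?"
    Next
    Return "INSERT INTO " & $sTable & " (" & $sCols & ") VALUES (" & $sMarks & ")"
EndFunc

; Bind each value as a parameter: it travels as data and is never parsed as SQL.
Func _InsertRow($oConn, $sTable, Const ByRef $aCols, Const ByRef $aVals)
    ; Catch a column/value count mismatch before the server has to report it.
    If UBound($aCols) <> UBound($aVals) Then Return SetError(1, 0, False)
    Local $oCmd = ObjCreate("ADODB.Command")
    If Not IsObj($oCmd) Then Return SetError(2, 0, False)
    $oCmd.ActiveConnection = $oConn
    $oCmd.CommandType = $adCmdText
    $oCmd.CommandText = _BuildInsertSQL($sTable, $aCols)
    Local $sVal
    For $i = 0 To UBound($aVals) - 1
        $sVal = String($aVals[$i])
        ; Size must be at least 1 for adVarWChar, even for an empty string.
        $oCmd.Parameters.Append($oCmd.CreateParameter("p" & $i, $adVarWChar, $adParamInput, StringLen($sVal) + 1, $sVal))
    Next
    $oCmd.Execute()
    If @error Then Return SetError(3, 0, False)
    Return True
EndFunc

; Constructed sample: the three inputs discussed in the thread, stored as literal text.
Func _DemoThreadInputs($oConn)
    Local $aCols[1] = ["name"]
    Local $aInputs[3] = ["O'Connor", "O','Connor", "OConnor');drop table mytable;--"]
    Local $aVals[1]
    For $i = 0 To UBound($aInputs) - 1
        $aVals[0] = $aInputs[$i]
        If Not _InsertRow($oConn, "mytable", $aCols, $aVals) Then ConsoleWrite("insert failed, @error=" & @error & @LF)
    Next
EndFunc

; Runs without a database: shows the generated text for the two columns
; between which the comma was missing in the question.
Local $aDemoCols[2] = ["sop_cap", "sl_ragion_social"]
ConsoleWrite(_BuildInsertSQL("ge_anagrafica_clienti", $aDemoCols) & @LF)
```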
