Category Archives: MySQL

[Solved] MySQL Error: Client does not support authentication protocol requested by server

#Client does not support authentication protocol requested by server; consider upgrading MySQL client

Background: unknown, only my personal situation for reference. The question is not sure if it is related to Noje.js , that is, ES6 is directly related, and whether it is inevitable or not is uncertain Node.js When developing the server, the parameters such as the domain name (localhost), port (3306), user name (root), password, etc. are set correctly, but still an error is reported.

Premise: the computer has installed (1) MySQL (current version 8.0). It is recommended to install (2) MySQL database visualization software, such as Navicat.

#Solution steps:
[solution]
connect to the database (best through third-party software like Navicat or console), and input the following contents:

mysql> ALTER USER ‘root’@‘localhost’ IDENTIFIED WITH mysql_native_password BY ‘New root password’;

(here “;” please note)

It is recommended to close the running server (if it exists, whether it is successfully started or not), check the new database password, and then restart
refer to stack overflow https://stackoverflow.com/questions/50093144/mysql-8-0-client-does-not-support-authentication-protocol-requested-by-server

#Note:
I don’t quite understand the cause of this problem and how it was solved. So I suggest that you follow the example.
Theoretically, this command only resets the password of root. If the password before and after reset is the same, it should not report an error at the beginning

Please try this solution first, if it is invalid, then consider upgrading MySQL version.

Failed to load file or assembly MySql.Web Solution

Configuration error

Description: an error occurred while processing the configuration file required to service the request. Check the specific error details below and modify the configuration file as appropriate.

parser error message: failed to load file or assembly“ MySql.Web , version = 8.0.13.0, culture = neutral, publickeytoken = c5687fc88969c44d “or one of its dependencies. The system cannot find the specified file.

Source error:

Line 282:    <siteMap>
Line 283:      <providers>
Line 284:        <add name="MySqlSiteMapProvider" type="MySql.Web.SiteMap.MySqlSiteMapProvider, MySql.Web, Version=8.0.13.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="LocalMySqlServer" applicationName="/" />
Line 285:      </providers>
Line 286:    </siteMap>

Source file: C:: Windows\ Microsoft.NET \Framework\v4.0.30319\Config\ machine.config Line: 284

assembly load trace: the following information helps determine the assembly“ MySql.Web , version = 8.0.13.0, culture = neutral, publickeytoken = c5687fc88969c44d “.

Source file: C:: Windows\ Microsoft.NET \Framework\v4.0.30319\Config\ machine.config There’s a problem

All we need to do is go to C: windows\ Microsoft.NET \Framework\v4.0.30319\Config\ machine.config Find the file

take machine.config.defalut Remove the following. Default and replace the original machine.config Replace it

How to Solve SQL state [HY000]: general error 2503

SQLSTATE[HY000]: General error 2503

This error is caused by $this – & gt; query. In version 3.2.3, the query and execute methods should be called separately, otherwise an error will be reported in debug mode

After 3.2.3, the TP framework requires different method calls for read and write operations. If it is used incorrectly, an error will be reported in non debugging mode.

Read data using $this->query
Write data using $this->execute

After TP5, it is written as follows:

Read data using Db::query
Write data using Db::execute

Oracle-OrcleInstanctClient Install ODBC Error: Oracle ODBC Driver with same name already exists

Leave a reply

This error shows that there is no permission. Open CMD with administrator permissions and then register again.

 

<error message>

$ odbc_install JA
Oracle ODBC Driver with same name already exists.

<Open CMD with administrative rights>

$ odbc_install JA
Oracle ODBC Driver is installed successfully.

[Solved] Running in 64 bit mode with the 32 bit Oracle client installed

When connecting to Oracle database, it is easy to encounter the problem of 32-bit and 64 bit drivers. On a 32-bit machine, everything is 32-bit, which is not complicated. But now the general win7 system is 64 bit, and 64 bit machine can install 32-bit and 64 bit driver.

 

If the WinForm program is used to connect to Oracle database, you can use Oracle’s own DLL, Oracle.DataAcess , you can also use Microsoft’s own System.Data.OracleClient . But the premise of using these two days is that the Oracle client driver must be installed on the machine. The driver here is divided into 32-bit and 64 bit. and Oracle.DataAcess Also divided into 32-bit and 64 bit, which must be consistent before and after the two.

Let’s talk about the recent problems. Recently, I’m working on a website project. Note that it’s not a web application, it’s just a website project, and it’s directly published to IIS. It’s just Microsoft ystem.Data.OracleClient The build mode of the project is any CPU, as shown in the figure below.

 

 

Because vs has its own Cassini server only in 32-bit mode, the programs in any CPU mode can only run in 32-bit mode. At this time, an exception running in 64 bit mode with the 32 bit Oracle client installed is reported System.Data.OracleClient The version of 32 or 64 is not right. Many changes have been made, but the reason has not been found out. Later, I understood that the 32 bit Oracle client installed here refers to the DLL, not the driver downloaded from the Oracle official website. Because at this time, only ORALCE’s 64 bit driver is installed on my machine. Now this program is 32-bit. When I connect to the 64 bit driver, this exception is reported. When I installed the 32-bit Oracle driver, this problem was solved.

 

I also encountered a small problem during the installation, because I have installed 64 bit driver before, and there is an Oracle app directory in the machine. At this time, we can install the 32-bit driver into the custom directory app2. In other words, 32-bit and 64 bit Oracle client drivers are installed on the machine at the same time. The program will connect to the corresponding driver according to its own x86 or x64 mode, and then connect to the Oracle database remotely. Note that the driver for installing Oracle client is the machine where the DLL is located, that is, the machine where the program runs, not the machine where the Oracle server is located. In essence, Oracle client and Oracle server transmit data on the network.

 

 

 

 

 

 

Can mybatis prevent SQL injection

1. Concept: what is SQL injection

sql injection : is a code injection technology, used to attack data-driven applications, malicious SQL statements are inserted into the executed entity fields.

It’s a common attack. If the attacker enters some special SQL fragments (such as “or 1 = 1”) on the form information or URL of the interface, it is possible to invade the application with incomplete parameter verification. Therefore, some work should be done in application development to prevent SQL injection. In some applications with high security requirements (such as banking software), SQL statements are usually replaced by stored procedures to prevent SQL injection. It’s a very safe way to deal with it.

answer: mybatis can prevent SQL injection, please continue to read.

2. Implementation: mybatis prevents SQL injection

<select id="selectByNameAndPassword" parameterType="java.util.Map" resultMap="BaseResultMap">
  select id, username, password, role
     from user
        where username = #{username,jdbcType=VARCHAR}
        and password = #{password,jdbcType=VARCHAR}
</select>
<select id="selectByNameAndPassword" parameterType="java.util.Map" resultMap="BaseResultMap">
    select id, username, password, role
        from user
        where username = ${username,jdbcType=VARCHAR}
        and password = ${password,jdbcType=VARCHAR}
</select>

the difference between # and $ in mybatis:

1. # will treat all incoming parameters as a string, and will automatically add a double quotation mark to it.

For example: where user name = # {user name}, if the value passed in is 111, then the value parsed into SQL is where user name = # {user name}. If the value passed in is ID, then the value parsed into SQL is where user name = # {user name}

2. $ directly displays and generates the incoming data in SQL.

For example: where user name = ${user name}, if the value passed in is 111, then the value parsed into SQL is where user name = 111

If the passed in value is; drop table user;, then the parsed SQL is: select id, username, password, role from user where username =; drop table user

3. The # method can prevent SQL injection to a great extent, while the $ method cannot prevent SQL injection.

4. The $ method is generally used to pass in database objects, such as table names

5. It is recommended to use #, to avoid using $. If you have to use parameters like “${XXX}”, you need to do a good job in filtering to prevent SQL injection attacks.

6. In mybatis, parameters with “${XXX}” format will directly participate in SQL compilation, so injection attack cannot be avoided. But when it comes to dynamic table names and column names, we can only use parameter formats like “${XXX}”. Therefore, such parameters need to be handled manually in the code to prevent injection.

[Conclusion] the format of “# {XXX}” should be used as much as possible when writing the mapping statement of mybatis. If you have to use parameters like “${XXX}”, you should do a good job of filtering manually to prevent SQL injection attacks.

3. Principle analysis: how does mybatis prevent SQL injection

Mybatis framework is a semi-automatic persistence layer framework , SQL statements need to be written manually by developers, at this time, SQL injection must be prevented. In fact, mybatis SQL has the function of “ input + output “, which is similar to the function structure. Please refer to the above two examples. Among them, parametertype indicates the input parameter type and resulttype indicates the output parameter type. In retrospect, if you want to prevent SQL injection, you have to do something about the input parameters. In the above code, #, is the part where input parameters are spliced in SQL. After the parameters are passed in, the executed SQL statement will be printed out, as follows:

select id, username, password, role from user where username=?and password=?

That is, no matter what kind of parameters you enter, the printed SQL will look like the above. Reason: mybatis enables the precompile function. Before SQL execution, SQL will be sent to the database for compilation. During execution, the compiled SQL will be used directly, and the parameter can replace the “?” in the place holder. Because SQL injection can only work on the compilation process, this way can avoid SQL injection attack.

[underlying implementation principle] how does mybatis precompile SQL?In fact, at the bottom of the framework, it is the Preparedstatement class in JDBC that works. Preparedstatement is a subclass of statement that we are very familiar with. Its objects contain compiled SQL statements. This “ready” approach not only improves security, but also improves efficiency when executing the same SQL multiple times. The reason is that the SQL has been compiled and there is no need to compile it again.

//Safe, pre-compiled
Connection conn = getConn();//Get the connection
String sql = "select id, username, password, role from user where id=?" ; // the statement will be pre-compiled before executing sql
PreparedStatement pstmt = conn.prepareStatement(sql); 
pstmt.setString(1, id); 
ResultSet rs=pstmt.executeUpdate(); 
......

//Unsafe, not pre-compiled
private String getNameByUserId(String userId) {
    Connection conn = getConn();//connected
    String sql = "select id,username,password,role from user where id=" + id;
    //When the id parameter is "3;drop table user;", the executed sql statement is as follows:
    //select id,username,password,role from user where id=3; drop table user;  
    PreparedStatement pstmt =  conn.prepareStatement(sql);
    ResultSet rs=pstmt.executeUpdate();
    ......
}

Conclusion

#{}: equivalent to Preparedstatement in JDBC

${}: is the value of the output variable

In short: # {} needs to be precompiled, which is safe; ${} only takes variable values without precompiling, which is not safe, and there is a risk of SQL injection attack.

If ${} is used after the order by statement, there is a risk of SQL injection when nothing is done. Need to develop this code level parameter verification, filtering parameters, parameter length, whether in the expected set, whether contains special or database keywords.

DVWA Uncaught Error: Call to undefined function mysql_connect() in /Applications/XAMPP/xampp

DVWA connection error after installation

Fatal error: Uncaught Error: Call to undefined function mysql_ connect() in /Applications/XAMPP/xamppfiles/htdocs/dvwa/dvwa/includes/ dvwaPage.inc.php:461 Stack trace: #0 /Applications/XAMPP/xamppfiles/htdocs/dvwa/ login.php (8): dvwaDatabaseConnect() #1 {main} thrown in /Applications/XAMPP/xamppfiles/htdocs/dvwa/dvwa/includes/ dvwaPage.inc.php on line 461

The reason is: Line 461 here is mysql_ Connect() is no longer used, but mysqli instead_ Just connect (), and add an I
to MySQL

After modification,
was successfully connected

If there is a similar error, open the corresponding file and change Mysql to mysqli

Mysql 8.0.13 Enabling remote access (ERROR 1064 (42000): You have an error in your SQL syntax; check the manual th)

preface

When opening remote access permission on windows, we searched a lot of information. Most of the commands explaining how to open remote MySQL remote service are as follows:

grant all privileges on *.* to 'root'@'%' identified by 'Your passwords' with grant option

This method is not applicable to the version after MySQL 8.0.

you need to use the following command to start the remote service.

CREATE USER 'root'@'%' IDENTIFIED BY 'Your passwords'; 
GRANT ALL ON *.* TO 'root'@'%'; 
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY 'Your passwords';

After the three commands are executed in sequence, refresh the permissions:

FLUSH PRIVILEGES;

Actual effect:

linux mysql ERROR 1820 (HY000): You must SET PASSWORD before executing this statement

1. Error information

ERROR 1820 (HY000): You must SET PASSWORD before executing this statement

2. Cause of error

This error means that the original password needs to be changed to execute a MySQL statement

3. Solutions

Log in to MySQL

mysql -u root -p

Change Password

mysql> SET PASSWORD = PASSWORD('123456');

4. Error report

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

It means that the password you set is not complicated enough. It’s better to use numbers + letters + special characters

[Mybatis] How to Solve the problem of Oracle query processing more than 1000 in conditions

Go directly to SQL. The idea is very simple

select * from test_table
where 1 = 1 
 <!-- IdList -->
 <if test="IdList != null and IdList.size > 0">
     AND PK_ID IN
    <!-- Handle the case where Oracle does not support in when the set of in exceeds 1000 entries -->
    <trim suffixOverrides=" OR PK_ID IN()">    <!-- means delete the last condition -->
        <foreach collection="IdList" item="Id" index="index" open="(" close=")">
            <if test="index != 0">
                <choose>
                    <when test="index % 1000 == 999">) OR PK_ID IN (</when>
                    <otherwise>,</otherwise>
                </choose>
            </if>
            #{Id}
        </foreach>
    </trim>
 </if>

mysql ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executin

It’s still good to log in to MySQL (server version: 5.7.11) yesterday. The following error will be reported when executing any command after logging in today

mysql> help contents
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> help contents
ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.
mysql> show databases;
Error 1820 (HY000): you must reset your password using alter user statement before executing this statement

Or

MySQL > set password = password (“youpassword”);
2. Refresh permissions
MySQL > flush privileges;

MySQL > help contents
you asked for help about help category: “contents”
for more information, type ‘help < item >’, where < item> is one of the following
categories:
Account Management
Administration
Compound Statements
Data Definition
Data Manipulation
Data Types
Functions
Functions and Modifiers for Use with GROUP BY
Geographic Features
Help Metadata
Language Structure
Plugins
Procedures
Storage Engines
Table Maintenance
Transactions
User-Defined Functions
Utility
mysql>

Done!

Oracle creates a job and executes the stored procedure with parameters regularly

Create a stored procedure (insert a person’s name into the person table)

PROCEDURE INSERTPERSON(
                            name    IN VARCHAR2
                            ) AS
  BEGIN
    -- TODO: PROCEDURE TEST.INSERTPERSON Required implementation
    insert into person values (name);
    commit;
  END INSERTPERSON;

Create job

DECLARE  
X NUMBER;  --set jobid
BEGIN  
SYS.DBMS_JOB.SUBMIT  
( job => X ,
what => 'DECLARE
  name VARCHAR2(10):=''jax'';
BEGIN
  TEST.INSERTPERSON(name);
END;' ,
next_date => to_date('17-03-2021 14:21:41', 'dd-mm-yyyy hh24:mi:ss'),
interval => 'sysdate+1/24' ,
no_parse => TRUE  
);  
COMMIT;  
END;

Execute job now

begin  
dbms_job.run(jobid);  
end;

Query to create the right job

select * from user_jobs

Delete job


begin
   dbms_job.remove(4);--和select * from user_jobs; The value of the job in
end;