What could be the input?

Sandeep Mewara

Even if this works, INPUT cannot have * in it. :)

Latest CodeProject post: Quick look into Machine Learning workflow How to solve Word Ladder Problem? To read all my blog posts, visit: Learn by Insight...

Peter_in_2780

Did you try: 1. HTML entities, like &#42 2. ASCII/Unicode in hex/octal \x2a \u002a \052 Some of those might sneak through. Just a thought from someone who knows nothing of your environment.

Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012

Espen Harlinn

SQL Server: Msg 113, Level 15, State 1, Line 1 Missing end comment mark '*/'. Msg 113, Level 15, State 1, Line 1 Missing end comment mark '*/'. Msg 102, Level 15, State 1, Line 1 Incorrect syntax near '='.

Espen Harlinn Senior Architect - Ulriken Consulting AS The competent programmer is fully aware of the strictly limited size of his own skull; therefore he approaches the programming task in full humility, and among other things he avoids clever tricks like the plague.Edsger W.Dijkstra

Espen Harlinn

Quote:

Even if this works, INPUT cannot have * in it.

It doesn't - I just replaced " INPUT " with "/"

Espen Harlinn Senior Architect - Ulriken Consulting AS The competent programmer is fully aware of the strictly limited size of his own skull; therefore he approaches the programming task in full humility, and among other things he avoids clever tricks like the plague.Edsger W.Dijkstra

Nelek

The used * are yours, not his

M.D.V. ;) If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about? Help me to understand what I'm saying, and I'll explain it better to you Rating helpful answers is nice, but saying thanks can be even nicer.

Jorgen Andersson

Because SQL Server allows nested comment blocks. "Nested comments are supported. If the /* character pattern occurs anywhere within an existing comment, it is treated as the start of a nested comment and, therefore, requires a closing */ comment mark. If the closing comment mark does not exist, an error is generated." - SQL Server | Microsoft Docs[^]

Wrong is evil and must be defeated. - Jeff Ello

DerekT P

In MySql or MariaDB, most values of INPUT starting with an exclamation mark will cause a syntax error IF there is no space between your opening comment tag and INPUT, eg:

SELECT * FROM test WHERE id= /*! oops */ 100

However it's also possible to inject valid SQL that way:

SELECT * FROM test WHERE ID= /*!0 OR ID > 0 OR ID= */ 100

This query returning all rows in the table. See MySql ref: Comments[^] The idea is that you can then write SQL that works across DBMS, by including code that is only "seen" by MySql. You can also include query optimiser hints using a similar /*+ hint */ syntax, so you could probably break your query by starting INPUT with a plus sign as well, again only provided there's no space after the opening asterisk. And yes, this is definitely too much of a programming question to be in the Lounge! :laugh:

Forogar

I did say "might be". ;-)

- I would love to change the world, but they won’t give me the source code.

W Balboos GHB

Sandeep Mewara wrote:

0 results.

I don't think it's mere semantics but, in my opinion at least, returning 0 results is not throwing an error - the query ran and sent back an empty results set. This might be a way to trigger a great debate thread.

Ravings en masse^

"The difference between genius and stupidity is that genius has its limits." - Albert Einstein

"If you are searching for perfection in others, then you seek disappointment. If you seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010

obermd

Won't a semi-colon (;) cause that comment to end?

PIEBALDconsult

No.