Friday, July 9, 2010

SQL queries

Ok so, now I am having problem with configuring SQL queries and using clearBox client tool.

first, let me show you the succesfull authentcation from clearBox clint tool using users that I've created from ClearBox server itself.


The status will change to 'FAILED' if I key in users that are not created in ClearBox.

The same method is used to authenticate users that are created from external SQL server except that you need to key some queries in in the setting as shown below.


Here are the queries that I've tried so far :

SELECT password FROM Users WHERE username= $u ;

SELECT password FROM Users WHERE username= '".$u."'"

SELECT password FROM Users WHERE username= $u

SELECT password FROM Users WHERE username='%$u%';

"SELECT password FROM Users WHERE username ='$u'"

$sql = "SELECT password FROM Users WHERE username = '$u'";

SELECT password FROM Users WHERE username LIKE '$u' ;

SELECT password FROM Users WHERE username LIKE '%u%';

But, none of them work so far. From the response packet, it keep on displaying no such user. In case you are wondering whether the SQL server is connected to my AAA server or not, the screenshot is as shown below to prove you that it is connected.


And below is a screenshot of my database table which contain 2 variables only currently.


So, please do assist me in configuring the query as I have no SQL background at all. But, I'm learning it slowly.

Thanks in advance
Posted by at
Labels: ,

5 comments:

  1. shauntihJuly 10, 2010 at 5:44 AM

    I saw this link on #sqlhelp. In case you haven't received your answer, you need to use LIKE instead of = in your queries. I don't know what your data looks like, but if you're looking for any username with a u in it, the query would be:

    SELECT password FROM Users WHERE username LIKE '%u%';

    You use LIKE with wildcards when you don't want an exact match. Here is a link to the LIKE syntax.
    http://msdn.microsoft.com/en-us/library/ms179859.aspx

    ReplyDelete
  2. AnonymousJuly 12, 2010 at 7:22 AM

    looks like you are using powershell to create and execute your query. if so the below script may get you on your way. you may not need the sql authentication credentials. you may want to ensure in table Users that column username in constrainted as unique:

    $username = "User1"

    #trap sql injection
    if (-not($username.Contains("'"))) {
    #query to find exact match username
    $sql = "SELECT password FROM dbo.Users WHERE username = '" + $username + "';"
    Invoke-Sqlcmd -ServerInstance MyServer\MyInstance -Database MyDatabase -Username MySqlLogin -Password MySqlPassword -Query $sql
    }

    ReplyDelete
  3. ShadowJuly 13, 2010 at 6:50 PM

    to Anonymous:
    Where do I key in that query? in the SQL database server or ClearBox?
    I don't really understand your explaination.
    lol

    ReplyDelete
  4. UnknownJanuary 30, 2013 at 12:35 AM

    Hello all,I am new and I would like to ask that what are the benefits of sql training, what all topics should be covered and it is kinda bothering me ... and has anyone studies from this course wiziq.com/course/125-comprehensive-introduction-to-sql of SQL tutorial online?? or tell me any other guidance...
    would really appreciate help... and Also i would like to thank for all the information you are providing on sql.

    ReplyDelete
    Replies
    1. ShadowMarch 6, 2013 at 4:12 AM

      SQL is important. You don't have to study from that link. There are many other websites that teaches SQL.

      Delete

Subscribe to: Post Comments (Atom)