Uncaught PDOException: SQLSTATE[42000]:

siva1740

New member
Hi, I downloaded the PHP software "candidATS" (an open application tracking system). After installation I am getting this error, please help me to fix it.


Error:
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'system WHERE system_id = 0' at line 4 in E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\lib\ClsNaanalPDO.php:568 Stack trace: #0 E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\lib\ClsNaanalPDO.php(568): PDO->query('SELECT\r\n ...') #1 E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\lib\DatabaseConnectionPDO.php(154): ClsNaanalPDO->setQuery('SELECT\r\n ...') #2 E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\lib\DatabaseConnectionPDO.php(308): DatabaseConnection->query('SELECT\r\n ...') #3 E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\lib\SystemInfo.php(69): DatabaseConnection->getAssoc('SELECT\r\n ...') #4 E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\lib\NewVersionCheck.php(167): SystemInfo->getSystemInfo() #5 E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\modules\home\HomeUI.php(168): NewVersionCheck::getNews() #6 E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\modules\home\HomeUI.php(81): HomeUI->home() #7 E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\lib\ModuleUtility.php(354): HomeUI->render() #8 E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\index.php(342): ModuleUtility::loadModule('home') #9 {main} thrown in E:\data_2\Auieo_file\UniServerZ_15\www\PlatinATS\lib\ClsNaanalPDO.php on line 568
 
I have dug into the source of version 3.0 and I found this code:
PHP:
    public function getSystemInfo()
    {
        Logger::getLogger("AuieoATS")->info("SystemInfo:getSystemInfo entry");
        //FIXME: SELECT INDIVIDUAL COLS!
        $sql = sprintf(
            "SELECT
                *
            FROM
                system
            WHERE
                system_id = 0"
        );
        $ret = $this->_db->getAssoc($sql);
        Logger::getLogger("AuieoATS")->info("SystemInfo:getSystemInfo exit");
        return $ret;
    }

Please try to execute the query manually in phpMyAdmin:
SQL:
SELECT
                *
            FROM
                system
            WHERE
                system_id = 0

But there is a large vulnerability: the app uses the sprintf function to generate the query and bind values into the query, which is not enough to secure it against SQL injection, so in my opinion you should find another tool, especially if you are just starting with this one.
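A hardened version of the getSystemInfo() shown above, written here as an added example (not candidATS's own code): the `system` identifier is backtick-quoted, which is the change that resolved the 1064 error in this thread, and the row id is passed as a bound PDO parameter instead of being assembled into the SQL string with sprintf(). The demo runs against an in-memory SQLite table standing in for the MySQL schema; the `version` column is assumed.

```php
<?php
// Added example, not candidATS code: hardened getSystemInfo().
// Two changes versus the sprintf() version quoted above:
//   1. the table name `system` is backtick-quoted, because SYSTEM is a
//      reserved word in recent MySQL versions (the 1064 syntax error);
//   2. the row id is a prepared-statement parameter, sent to the server
//      separately from the statement text, so it can never be parsed as SQL.
declare(strict_types=1);

function getSystemInfo(PDO $db, int $systemId = 0): ?array
{
    // Identifiers cannot be bound as parameters, so quote them explicitly;
    // values are bound with a typed placeholder instead of string-building.
    $stmt = $db->prepare('SELECT * FROM `system` WHERE `system_id` = :id');
    $stmt->bindValue(':id', $systemId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-in for the MySQL schema: SQLite also accepts
// backtick-quoted identifiers, so the same statement runs on both engines.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // surface SQL errors as exceptions
]);
$db->exec('CREATE TABLE `system` (`system_id` INTEGER PRIMARY KEY, `version` TEXT)');
$db->exec("INSERT INTO `system` VALUES (0, '3.0')");

$row = getSystemInfo($db, 0);
echo 'version: ' . ($row['version'] ?? 'none') . PHP_EOL;

$missing = getSystemInfo($db, 99);
echo 'missing row is ' . ($missing === null ? 'null' : 'present') . PHP_EOL;
```

On MySQL, also set PDO::ATTR_EMULATE_PREPARES to false on the connection so the placeholder is handled by the server rather than interpolated client-side by the driver.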
 
OK, I'll try your suggestion.
 
Hi Michalio,

Thank you for your solution. I tried executing "select * from system where system_id=0" in the database. It said that system is a reserved keyword. So I changed the query to "select * from `system` where `system_id`=0". Now it is working.
Thank you for your effort.