I am trying to insert values into my comments table and I am getting a error. Its saying that I can not add or update child row and I have no idea what that means.
My schema looks something like this:
--
-- Baza danych: `koxu1996_test`
--
-- --------------------------------------------------------
--
-- Struktura tabeli dla tabeli `user`
--
CREATE TABLE IF NOT EXISTS `user` (
`id` int(8) NOT NULL AUTO_INCREMENT,
`username` varchar(32) COLLATE utf8_bin NOT NULL,
`password` varchar(64) COLLATE utf8_bin NOT NULL,
`password_real` char(32) COLLATE utf8_bin NOT NULL,
`email` varchar(32) COLLATE utf8_bin NOT NULL,
`code` char(8) COLLATE utf8_bin NOT NULL,
`activated` enum('0','1') COLLATE utf8_bin NOT NULL DEFAULT '0',
`activation_key` char(32) COLLATE utf8_bin NOT NULL,
`reset_key` varchar(32) COLLATE utf8_bin NOT NULL,
`name` varchar(32) COLLATE utf8_bin NOT NULL,
`street` varchar(32) COLLATE utf8_bin NOT NULL,
`house_number` varchar(32) COLLATE utf8_bin NOT NULL,
`apartment_number` varchar(32) COLLATE utf8_bin NOT NULL,
`city` varchar(32) COLLATE utf8_bin NOT NULL,
`zip_code` varchar(32) COLLATE utf8_bin NOT NULL,
`phone_number` varchar(16) COLLATE utf8_bin NOT NULL,
`country` int(8) NOT NULL,
`province` int(8) NOT NULL,
`pesel` varchar(32) COLLATE utf8_bin NOT NULL,
`register_time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`authorised_time` datetime NOT NULL,
`edit_time` datetime NOT NULL,
`saldo` decimal(9,2) NOT NULL,
`referer_id` int(8) NOT NULL,
`level` int(8) NOT NULL,
PRIMARY KEY (`id`),
KEY `country` (`country`),
KEY `province` (`province`),
KEY `referer_id` (`referer_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin AUTO_INCREMENT=83 ;
and the mysql statement I am trying to do looks something like this:
INSERT INTO `user` (`password`, `code`, `activation_key`, `reset_key`, `register_time`, `edit_time`, `saldo`, `referer_id`, `level`) VALUES (:yp0, :yp1, :yp2, :yp3, NOW(), NOW(), :yp4, :yp5, :yp6). Bound with :yp0='fa1269ea0d8c8723b5734305e48f7d46', :yp1='F154', :yp2='adc53c85bb2982e4b719470d3c247973', :yp3='', :yp4='0', :yp5=0, :yp6=1
the error I get looks like this:
SQLSTATE[23000]: Integrity constraint violation: 1452 Cannot add or
update a child row: a foreign key constraint fails
(koxu1996_test.user, CONSTRAINTuser_ibfk_1FOREIGN KEY
(country) REFERENCEScountry_type(id) ON DELETE NO ACTION ON
UPDATE NO ACTION)
Всем привет! При выполнении SQL запроса в Laravel выскакивает ошибка:
SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '' for key 'users_username_unique' (SQL: insert into `users` (`email`, `password`, `activationCode`, `isActive`, `updated_at`, `created_at`) values (Sokolov_A_2000@mail.ru, y$KYlaTrJ4JlItR3BTQT81D.el3mt4A.Uam9DvG.6FFLKBohCaGPxQC, CMo0BXN3Dj6cM3pV, 0, 2016-06-29 13:06:38, 2016-06-29 13:06:38))In MySQL, Enter a row in the child table without having row in the parent table
Example of insert row in Child table without having a row in Parent table MySQL
- Create the table Parent P1 and Child C1.
mysql> create table p1(id integer primary key, name varchar(100));
Query OK, 0 rows affected (0.09 sec)
mysql> create table c1(cid integer primary key, pid integer, foreign key (pid) references p1(id));
Query OK, 0 rows affected (0.09 sec)
2. Insert data in the Parent and child table and child table throw error due to not presence of data in the parents table.
mysql> insert into p1 values (1,'a');
Query OK, 1 row affected (0.03 sec)
mysql> insert into p1 values (2,'b');
Query OK, 1 row affected (0.01 sec)
mysql> insert into c1 values (2,5);
ERROR 1452 (23000): Cannot add or update a child row: a foreign key constraint fails (`test`.`c1`, CONSTRAINT `c1_ibfk_1` FOREIGN KEY (`pid`) REFERENCES `p1` (`id`))
3. Disable the foreign key check and enable it.
mysql> SET FOREIGN_KEY_CHECKS = 0;
Query OK, 0 rows affected (0.00 sec)
mysql> insert into c1 values (3,5);
Query OK, 1 row affected (0.02 sec)
mysql> SET FOREIGN_KEY_CHECKS = 1;
Query OK, 0 rows affected (0.00 sec)4. After enabling the foreign key check, the insert query throw error again.
mysql> insert into c1 values (4,5);
ERROR 1452 (23000): Cannot add or update a child row: a foreign key constraint fails (`test`.`c1`, CONSTRAINT `c1_ibfk_1` FOREIGN KEY (`pid`) REFERENCES `p1` (`id`))5. Verify the data in both P1 and C1 tables.
mysql> select * from c1;
+-----+------+
| cid | pid |
+-----+------+
| 3 | 5 |
+-----+------+
1 row in set (0.00 sec)
mysql> select * from p1;
+----+------+
| id | name |
+----+------+
| 1 | a |
| 2 | b |
+----+------+
2 rows in set (0.00 sec)You cannot determine if the parameter is vulnerable to SQLi based on this error alone. For more definitive proof, you need to manipulate the s_id parameter and see if you can get it to return a syntax error. This would indicate that the input of s_id is not being properly sanitized or parameterized.
Since the error message is showing you the SQL query, this is rather easy to test for. Try doing some of the following injections:
s_id=1,1,1&status=1
Query becomes: INSERT INTO a2.user_s_likes (s_id, user_id, status, added_on) VALUES (1,1,1, 924300, NULL, ‘2016-09-01 13:28:29’)
If vulnerable, you would expect to get an error about too many arguments / parameters.
s_id=1)&status=1
Query becomes: INSERT INTO a2.user_s_likes (s_id, user_id, status, added_on) VALUES (1), 924300, NULL, ‘2016-09-01 13:28:29’)
If vulnerable, you would expect to get an error message about an unexpected parenthesis.
s_id=1’&status=1
Query becomes: INSERT INTO a2.user_s_likes (s_id, user_id, status, added_on) VALUES (1′, 924300, NULL, ‘2016-09-01 13:28:29’)
If vulnerable, you would expect to get an error message about an unterminated literal string.
If you receive error messages about s_id having an incorrect data type / not being a number, then this would imply that the query is being parameterized and thus is not vulnerable.
In order to prove that an SQL injection vulnerability exists, you need to prove that the value of s_id is being interpreted as SQL. Syntax errors are the easiest way to do this.