Hi, Instead of the usual 80040e07 regarding syntax error, I get the following: Microsoft OLE DB Provider for ODBC Drivers (0x80040E07) Microsoft][ODBC SQL Server Driver][SQL Server]Operand type clash: ntext is incompatible with int I have tried union select username,1,1,.... (20+ columns) from table union select 1,username,1,1.... union select 1,1,username,1... but they still give me the same errors. Is there any way to create the query so that it will return the correct information? I've also tried union select convert(sql_variant,username),1,1,... but it produced the same result as well. My second problem is that I cannot execute this: http://target/da.asp?userid=user' or 1=1; select * from information_schema.tables-- I get Error Type: ADODB.Recordset (0x800A0CB3) Current Recordset does not support bookmarks. This may be a limitation of the provider or of the selected cursortype. Does this mean that the query has been passed to the SQL server, but it does not know how to return the results? What can I do to execute the queries successfully? From other error messages that I got, the query is something like this: SELECT username FROM table_name WHERE userid like %input% ORDER BY username ASC. Any help is greatly appreciated. --mel ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Mar 15 2002 - 10:24:07 PST