SQL Error Messages

Prerequisite – SQL Injection While checking for SQL injection we all discover various error messages. Let us figure out the basic cause behind each error and how it appears in MySQL. Below are various error and their explanation. Error-1: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ” foo ‘ at line X. Explanation – If you entered a single quote and it altered the syntax of the database query, this is the expected error message. For MySQL, SQL injection may be present, but the same error message can appear in other contexts. 
Error-2: N/A Explanation – You have commented out or removed a variable that normally would be supplied to the database. 
Error-3: The used SELECT statements have different number of columns. Explanation – You will see this when you are attempting a UNION SELECT attack, and you specified different number of columns to the number in the original SELECT statement. 
Error-4: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ‘ XXX, YYY from SOME_TABLE’ at line 1 Explanation – You commonly see this error message when your injection point occurs before the FROM keyword (Example, you have injected into the columns to be returned) and you have used the comment character to remove required SQL keywords. Try completing the SQL statement yourself while using your comment character. MySQL should helpfully reveal the column names XXX, YYY when this condition is encountered. 
Error-5: Table ‘DBNAME.SOMETABLE’ doesn’t exist. Explanation – Either you are trying to access a table or view that does not exist. Test your query against a table you know you have access to. MySQL should helpfully reveal the current database schema DBNAME when this condition is encountered. 
Error-6: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ‘ ‘ at line 1. Explanation – You were probably altering something in a WHERE clause, and your SQL injection attempt has disrupted the grammar. 
Error-7: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ‘ ‘ line 1. Explanation – Your SQL injection attempt has worked, but the injection point was inside parentheses. You probably commented out the closing parentheses with injected comment characters (–). 
Error-8: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near XXXXX. Explanation – A general error message. The error messages listed previously all take precedence, so something else went wrong. It is likely that you can try alternative input and get a more meaningful message.