Bug #17172 JDBC allowMultiQueries and SQL syntax errors
Submitted: 7 Feb 2006 0:20 Modified: 31 Mar 2014 10:57
Reporter: Kristen McGregor Email Updates:
Status: Can't repeat Impact on me:
None 
Category:Connector / J Severity:S2 (Serious)
Version:1 OS:Windows (Windows)
Assigned to: Alexander Soklakov CPU Architecture:Any

[7 Feb 2006 0:20] Kristen McGregor
Description:
Hello,
We wrote an application to show the effects of sql injection.  The application is written in Java, and is using JDBC to connect to the MySQL database.  We need to have multi-queries in one call.  However, if there is a syntax error in the queries, rather than returning the error, MySQL hangs.  Does anyone know why it would hang?
Any help is greatly appreciated.
Thanks,
Kris

How to repeat:

	public void testJDBCConnection() throws Exception
	{
		Class.forName("com.mysql.jdbc.Driver");
		
		String dataaccessConnection = "jdbc:mysql://localhost/theDatabase?allowMultiQueries=true";
				
		Connection conn = DriverManager.getConnection(
				dataaccessConnection,
				"username",
				"password" );
		try
		{			
			String sqlString = "SELECT * FROM User WHERE UserName = 'yourAppUserName'; invalidstuff";
			Statement stmt = null; // Or PreparedStatement if needed
			ResultSet rs = null;
			stmt = conn.createStatement();
			System.out.println("Before executing");
			rs = stmt.executeQuery(sqlString);
			System.out.println("After executing");
		}
		catch (Exception e)
		{
			System.out.println("Exception: " + e);
		}
		
	}
[7 Feb 2006 19:35] Kristen McGregor
It seems MySQL handles multiple queries fine so long as there is not a syntax error in any query following the first query.  Below are some examples:

SELECT * FROM User; SELECT * FROM User WHERE UserName = 'test';
-- Works

sjdflksfd; SELECT * FROM User WHERE UserName = 'test';
-- Works - returns a SQL Error message (Syntax error exists in first query)

SELECT * FROM User; SELECTTTT * FROM User WHERE UserName = 'test';
-- Hangs (Syntax error exists in second query)

Is there something we can do differently to prevent MySQL from hanging?
[22 Feb 2006 9:37] Valeriy Kravchuk
Thank you for a problem report. Please, specify the exact version of MySQL server used. 

Connect to the server with mysql command line client while your Java application "hangs", execute the SHOW PROCESSLIST command and send the results, please.
[22 Feb 2006 15:12] Kristen McGregor
Thank you for responding....
I am using MySQL Server 5.0.  Below is the output from SHOW PROCESSLIST while MySQL is "hanging".
Any feedback is greatly appreciated.
Thanks!
Kristen

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

U:\>c:

C:\>mysql
ERROR 1045 (28000): Access denied for user 'ODBC'@'localhost' (using password: N
O)

C:\>mysql -u root -p
Enter password: **********
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1359 to server version: 5.0.15-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> SHOW PROCESSLIST;
+------+----------+----------------+-----------------+---------+------+-------+-
-----------------+
| Id   | User     | Host           | db              | Command | Time | State |
Info             |
+------+----------+----------------+-----------------+---------+------+-------+-
-----------------+
| 1359 | root     | localhost:1402 | NULL            | Query   |    0 | NULL  |
SHOW PROCESSLIST |
| 1360 | Symantec | localhost:1443 | brokenbrokerage | Sleep   |    6 |       |
NULL             |
+------+----------+----------------+-----------------+---------+------+-------+-
-----------------+
2 rows in set (0.00 sec)

mysql> SHOW FULL PROCESSLIST;
+------+----------+----------------+-----------------+---------+------+-------+-
----------------------+
| Id   | User     | Host           | db              | Command | Time | State |
Info                  |
+------+----------+----------------+-----------------+---------+------+-------+-
----------------------+
| 1359 | root     | localhost:1402 | NULL            | Query   |    0 | NULL  |
SHOW FULL PROCESSLIST |
| 1360 | Symantec | localhost:1443 | myUser | Sleep   |   22 |       |
NULL                  |
+------+----------+----------------+-----------------+---------+------+-------+-
----------------------+
2 rows in set (0.00 sec)

mysql>
[23 Feb 2006 9:19] Valeriy Kravchuk
Can you, please, try to repeat with a newer version of MySQL server, 5.0.18? What exact version of Connector/J do you use?
[23 Feb 2006 20:25] Kristen McGregor
I downloaded the latest MySQL, version 5.0.18, and also the latest Connector/J, version 3.1.12.  Unfortunately, I'm still having the same problem....  Do you have any other suggestions?
Thanks!
Kristen
[10 Mar 2006 20:46] Mark Matthews
Would you mind trying with a nightly snapshot of 3.1 or 5.0 from http://downloads.mysql.com/snapshots.php#connectorj

I think we've got this fixed (due to other fixes) in the latest code.
[10 Apr 2006 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[4 Feb 2012 11:58] vivek chundru
same problem with my system too....when ever any error occurs its shows the error and just hangs.i need to stop it from task manager.can any one help...i'm using mysql 5.5 command client.
note:hanging occurs only for command client but not workbench.
i'm using windows 7 home premium.
[6 Feb 2012 17:10] Valeriy Kravchuk
Last comment has nothing to do with Connector/J. Separate bug is opened for it (bug #64227).
[7 Mar 2012 1:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[31 Mar 2014 10:57] Alexander Soklakov
I close this report as "Can't repeat" because latest c/J 5.1.29 doesn't hang in described cases. Please, feel free to reopen it if the problem still exists in current driver.