Spurious data being inserted in field

Hello

Periodically, some of the records in one table have one field updated to the 
following value:

    <!--<1586567094>-->

It is the most bizarre thing I have ever seen.  We have checked all our 
servers and stored procedures for any occurrence of this value in scripts or 
ASP pages but none exist.  We're fearing SQL injection or similar but in our 
application this field is only updated from one place and it's tight against 
hacking.

If it was a hack we would think the value might be something else, so we're 
presuming some sort of corruption or similar.  We're at a loss.

Does anyone have any suggestions?

Thanks and regards

Mike 


0
Mike
7/21/2010 4:24:49 PM
sqlserver.server 1327 articles. 0 followers. Follow

14 Replies
1107 Views

Similar Articles

[PageSpeed] 11

> If it was a hack we would think the value might be something else, so 
> we're presuming some sort of corruption or similar.  We're at a loss.

This could very well be a hack.   For example, the value 1586567094 might be 
someone's SSN that the hacker was able to harvest and display on a web page. 
I suggest run run a server side trace (not Profiler) continuously with a 
filter to log the problem update when it occurs.

I don't know what steps you've taken to prevent SQL injection, but here is 
my short list is:

- perform data access exclusively from stored procedures

- execute procedures from app code using command type stored procedure along 
with parameter objects (never build and execute SQL Statement strings with 
concatenation, especially form fields and URL data)

- grant no permissions on tables and leverage ownership chaining security

- use a minimally privileged account with only stored procedure execute 
permissions

- no dynamic SQL in stored procedures

Separately, you can mitigate other security vulnerabilities (e.g. criss-site 
scripting) with stringent input and output validation.

-- 
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

"Mike Myers" <bookham_measures@yahoo.com> wrote in message 
news:#QyMGFPKLHA.1996@TK2MSFTNGP06.phx.gbl...
> Hello
>
> Periodically, some of the records in one table have one field updated to 
> the following value:
>
>    <!--<1586567094>-->
>
> It is the most bizarre thing I have ever seen.  We have checked all our 
> servers and stored procedures for any occurrence of this value in scripts 
> or ASP pages but none exist.  We're fearing SQL injection or similar but 
> in our application this field is only updated from one place and it's 
> tight against hacking.
>
> If it was a hack we would think the value might be something else, so 
> we're presuming some sort of corruption or similar.  We're at a loss.
>
> Does anyone have any suggestions?
>
> Thanks and regards
>
> Mike
> 
0
Dan
7/21/2010 5:02:45 PM
It's hard to tell from here, but it has the signatures of a SQL
injection attack.

-Eric Isaacs
0
Eric
7/21/2010 5:05:47 PM
Mike Myers wrote:
> Hello
>
> Periodically, some of the records in one table have one field updated
> to the following value:
>
>     <!--<1586567094>-->

I might be wrong, but this appears to be harmless - it does not appear
to be encrypted script.

>
> It is the most bizarre thing I have ever seen.  We have checked all
> our servers and stored procedures for any occurrence of this value in
> scripts or ASP pages but none exist.  We're fearing SQL injection or

With good reason ...

> similar but in our application this field is only updated from one
> place and it's tight against hacking.
>
The evidence suggests otherwise ... :-)
Where does the application get the data it puts in this field?


> If it was a hack we would think the value might be something else, so
> we're presuming some sort of corruption or similar.  We're at a loss.
>
> Does anyone have any suggestions?
>

Conjecture A:
A hacker or hacking bot has figured out that your site is vulnerable to
sql injection and has been able to figure out the name of a single field
in a single table and is probably trying to figure out more of your
schema (probably by causing informative error messages to be returned
from your application). The data inserted into your table is probably a
byproduct of those attempts, rather than the actual payload, since the
string seems to be harmless. If there were more to it, or it is actually
encrypted script, then the hacker is counting on your application
sending that string to a client browser without html-encoding it.

Conjecture B:
No sql injection is involved: a user of your app is purposely entering
that string into an input element and submitting it

-- 
HTH,
Bob Barrows


0
Bob
7/21/2010 5:07:25 PM
"Bob Barrows" <reb01501@NOyahoo.SPAMcom> wrote in message 
news:i279gp$gra$1@news.eternal-september.org...
> Mike Myers wrote:
>> Hello
>>
>> Periodically, some of the records in one table have one field updated
>> to the following value:
>>
>>     <!--<1586567094>-->
>
> I might be wrong, but this appears to be harmless - it does not appear
> to be encrypted script.
>
>>
>> It is the most bizarre thing I have ever seen.  We have checked all
>> our servers and stored procedures for any occurrence of this value in
>> scripts or ASP pages but none exist.  We're fearing SQL injection or
>
> With good reason ...
>
>> similar but in our application this field is only updated from one
>> place and it's tight against hacking.
>>
> The evidence suggests otherwise ... :-)
> Where does the application get the data it puts in this field?
>
>
>> If it was a hack we would think the value might be something else, so
>> we're presuming some sort of corruption or similar.  We're at a loss.
>>
>> Does anyone have any suggestions?
>>
>
> Conjecture A:
> A hacker or hacking bot has figured out that your site is vulnerable to
> sql injection and has been able to figure out the name of a single field
> in a single table and is probably trying to figure out more of your
> schema (probably by causing informative error messages to be returned
> from your application). The data inserted into your table is probably a
> byproduct of those attempts, rather than the actual payload, since the
> string seems to be harmless. If there were more to it, or it is actually
> encrypted script, then the hacker is counting on your application
> sending that string to a client browser without html-encoding it.
>
> Conjecture B:
> No sql injection is involved: a user of your app is purposely entering
> that string into an input element and submitting it
>
> -- 
> HTH,
> Bob Barrows
>
>

Thank you for your help everyone.  I shall run a trace and see what that 
yields.  I understand the concerns of SQL injection but it is a simple HTML 
form that records based on their primary key and the owner User ID as well. 
Everything is escaped properly and all numbers/IDs converted/checked to be 
numbers before they hit the database.

I was going to create a trigger to audit the setting of these values but as 
the field is text (it's an old app, else we'd be using varChar(max)), they 
can't be used.

Regards

Mike 


0
Mike
7/22/2010 9:31:54 AM
> Everything is escaped properly and all numbers/IDs converted/checked to be 
> numbers before they hit the database.

So you are not using parameterized queries?  IMHO, that's an accident 
waiting to happen (or already has).

-- 
Hope this helps.

Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/

 

0
Dan
7/22/2010 10:55:00 AM
"Dan Guzman" <guzmanda@nospam-online.sbcglobal.net> wrote in message 
news:FC615F27-F936-49E7-BACD-A437858588C2@microsoft.com...
>> Everything is escaped properly and all numbers/IDs converted/checked to 
>> be numbers before they hit the database.
>
> So you are not using parameterized queries?  IMHO, that's an accident 
> waiting to happen (or already has).
>
> -- 
> Hope this helps.
>
> Dan Guzman
> SQL Server MVP
> http://weblogs.sqlteam.com/dang/
>
>
>

Hi Dan

No, and I will now change this page to do so.  I ran a trace for a while but 
it yielded nothing.

Regards

Mike 


0
Mike
7/22/2010 12:49:16 PM
Bob Barrows wrote:
> Conjecture B:
> No sql injection is involved: a user of your app is purposely entering
> that string into an input element and submitting it

When the DB has become corrupted and the RDBMS tries to repair/restore 
data something like this may happen. I have a vague recollection of this 
happening a long time ago. Just open the data store in the latest 
version of the DBMS and do an export to another data store in the latest 
version of the DB. Then manually check all the data is fine. If okay, 
use that data store.

This does not mean you should ignore possibilities that others have 
pointed out.

-- 
  Bwig Zomberi
0
Bwig
7/27/2010 6:27:48 AM
Bwig Zomberi (zomberiMAPSONNOSPAM@gmail.invalid) writes:
> When the DB has become corrupted and the RDBMS tries to repair/restore 
> data something like this may happen. 

No, if you get <!--<1586567094>--> inserted from nowhere, it is highly
unlikely that this is due to corruption. On the other hand if you had 7 in a 
cell, and then the next day you have 2035 there, this is a very likely due 
to corruption.

As for repairs, SQL Server would never tries to guess a value. Either it 
repairs without data loss, or it throughs the data away. (And you have 
explicitly to allow data loss for it to happen.)
 


-- 
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

0
Erland
7/27/2010 8:17:02 AM
"Mike Myers" <bookham_measures@yahoo.com> wrote in message 
news:%23QyMGFPKLHA.1996@TK2MSFTNGP06.phx.gbl...
> Hello
>
> Periodically, some of the records in one table have one field updated to 
> the following value:
>
>    <!--<1586567094>-->
>
> It is the most bizarre thing I have ever seen.  We have checked all our 
> servers and stored procedures for any occurrence of this value in scripts 
> or ASP pages but none exist.  We're fearing SQL injection or similar but 
> in our application this field is only updated from one place and it's 
> tight against hacking.
>
> If it was a hack we would think the value might be something else, so 
> we're presuming some sort of corruption or similar.  We're at a loss.
>
> Does anyone have any suggestions?
>
> Thanks and regards
>
> Mike
>

Well thanks guys.

We have found one other record in this same table with a similar value, 
similarly meaningless.

We did some analysis and it seems that only records created before the 12th 
July were affected.  This means the injection/corruption either happened on 
this date or some other conic.  23124 records have been affected out of a 
total of 45826, (some of which may have been updated back to a more 
meaningful description so are no longer included in the erroneous count).

We've switched to using stored procedures for the updates to this table but 
I am not convinced we've found the problem.  The database is 85GB so playing 
at restoring backups is a nightmare.

Regards

Mike



0
Mike
7/28/2010 10:09:57 AM
Mike Myers wrote:
> "Mike Myers" <bookham_measures@yahoo.com> wrote in message
> news:%23QyMGFPKLHA.1996@TK2MSFTNGP06.phx.gbl...
>> Hello
>>
>> Periodically, some of the records in one table have one field
>> updated to the following value:
>>
>>    <!--<1586567094>-->
>>
>> It is the most bizarre thing I have ever seen.  We have checked all
>> our servers and stored procedures for any occurrence of this value
>> in scripts or ASP pages but none exist.  We're fearing SQL injection
>> or similar but in our application this field is only updated from
>> one place and it's tight against hacking.
>>
>> If it was a hack we would think the value might be something else, so
>> we're presuming some sort of corruption or similar.  We're at a loss.
>>
>> Does anyone have any suggestions?
>>
>> Thanks and regards
>>
>> Mike
>>
>
> Well thanks guys.
>
> We have found one other record in this same table with a similar
> value, similarly meaningless.
>
> We did some analysis and it seems that only records created before
> the 12th July were affected.  This means the injection/corruption
> either happened on this date or some other conic.  23124 records have
> been affected out of a total of 45826, (some of which may have been
> updated back to a more meaningful description so are no longer
> included in the erroneous count).
> We've switched to using stored procedures for the updates to this
> table but I am not convinced we've found the problem.  The database
> is 85GB so playing at restoring backups is a nightmare.
>
> Regards
>
> Mike

Switching to a parameterized stored procedure is certainly a good thing, but 
it might not be enough. This hacker inserted html into your table, which 
means that he is counting on you reading the data from the table and passing 
it to a client browser without encoding. Think of the ramifications if he 
had inserted something like <img src='webpage that downloads a keylogger'> 
into your table instead of the innocuous comment he did insert. Again, the 
fact that it was innocuous indicates to me that he was testing your 
defenses, seeing if he could cause html to be passed back to his client 
untouched.

So, you also need to verify that you are correctly handling data retrieved 
from the database, using htmlencode when passing it to a client. 


0
Bob
7/28/2010 10:48:43 AM
Mike Myers (bookham_measures@yahoo.com) writes:
> We've switched to using stored procedures for the updates to this table
> but I am not convinced we've found the problem.  The database is 85GB so
> playing at restoring backups is a nightmare. 
 
Beware that using stored procedures alone is not sufficient. You also need 
to call them in the proper way. If you send EXEC statements to SQL Server 
you are as exposed as ever.


-- 
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx

0
Erland
7/28/2010 12:39:57 PM
"Bob Barrows" <reb01501@yahoo.com> wrote in message 
news:cWT3o.44213$f_3.34012@newsfe17.iad...
> Mike Myers wrote:
>> "Mike Myers" <bookham_measures@yahoo.com> wrote in message
>> news:%23QyMGFPKLHA.1996@TK2MSFTNGP06.phx.gbl...
>>> Hello
>>>
>>> Periodically, some of the records in one table have one field
>>> updated to the following value:
>>>
>>>    <!--<1586567094>-->
>>>
>>> It is the most bizarre thing I have ever seen.  We have checked all
>>> our servers and stored procedures for any occurrence of this value
>>> in scripts or ASP pages but none exist.  We're fearing SQL injection
>>> or similar but in our application this field is only updated from
>>> one place and it's tight against hacking.
>>>
>>> If it was a hack we would think the value might be something else, so
>>> we're presuming some sort of corruption or similar.  We're at a loss.
>>>
>>> Does anyone have any suggestions?
>>>
>>> Thanks and regards
>>>
>>> Mike
>>>
>>
>> Well thanks guys.
>>
>> We have found one other record in this same table with a similar
>> value, similarly meaningless.
>>
>> We did some analysis and it seems that only records created before
>> the 12th July were affected.  This means the injection/corruption
>> either happened on this date or some other conic.  23124 records have
>> been affected out of a total of 45826, (some of which may have been
>> updated back to a more meaningful description so are no longer
>> included in the erroneous count).
>> We've switched to using stored procedures for the updates to this
>> table but I am not convinced we've found the problem.  The database
>> is 85GB so playing at restoring backups is a nightmare.
>>
>> Regards
>>
>> Mike
>
> Switching to a parameterized stored procedure is certainly a good thing, 
> but it might not be enough. This hacker inserted html into your table, 
> which means that he is counting on you reading the data from the table and 
> passing it to a client browser without encoding. Think of the 
> ramifications if he had inserted something like <img src='webpage that 
> downloads a keylogger'> into your table instead of the innocuous comment 
> he did insert. Again, the fact that it was innocuous indicates to me that 
> he was testing your defenses, seeing if he could cause html to be passed 
> back to his client untouched.
>
> So, you also need to verify that you are correctly handling data retrieved 
> from the database, using htmlencode when passing it to a client.
>

Hi Bob

No, the value is shown on the Site as it appears in the database.  We encode 
all our output.  Our end users brought this to our attention as they could 
see the error value.  If someone entered an image tag, that is what would 
display, not the image.  I was wondering if <!--< was some know server side 
scripting tag.  I've come across a few such as <!--# and <!--[ so wondered 
if this was something along those lines - perhaps even trying to execute 
code server side.

Thanks for your time on this.

Mike 


0
Mike
7/28/2010 2:41:36 PM
Mike Myers wrote:
>> Switching to a parameterized stored procedure is certainly a good
>> thing, but it might not be enough. This hacker inserted html into
>> your table, which means that he is counting on you reading the data
>> from the table and passing it to a client browser without encoding.
>> Think of the ramifications if he had inserted something like <img
>> src='webpage that downloads a keylogger'> into your table instead of
>> the innocuous comment he did insert. Again, the fact that it was
>> innocuous indicates to me that he was testing your defenses, seeing
>> if he could cause html to be passed back to his client untouched.
>>
>> So, you also need to verify that you are correctly handling data
>> retrieved from the database, using htmlencode when passing it to a
>> client.
>>
>
> Hi Bob
>
> No, the value is shown on the Site as it appears in the database.  We
> encode all our output.  Our end users brought this to our attention
> as they could see the error value.  If someone entered an image tag,
> that is what would display, not the image.

And that explains why he (or it - it could've been a bot) gave up. Your
defenses were good. Well done.


> I was wondering if <!--<
> was some know server side scripting tag.  I've come across a few such
> as <!--# and <!--[ so wondered if this was something along those
> lines - perhaps even trying to execute code server side.
>

I've never seen <!--[, where have you seen that? I've also never seen
<!--<
-- 
HTH,
Bob Barrows


0
Bob
7/28/2010 3:09:43 PM
"Mike Myers" <bookham_measures@yahoo.com> wrote in message 
news:e#utBMmLLHA.4084@TK2MSFTNGP05.phx.gbl...
>
> "Bob Barrows" <reb01501@yahoo.com> wrote in message 
> news:cWT3o.44213$f_3.34012@newsfe17.iad...
>> Mike Myers wrote:
>>> "Mike Myers" <bookham_measures@yahoo.com> wrote in message
>>> news:%23QyMGFPKLHA.1996@TK2MSFTNGP06.phx.gbl...
>>>> Hello
>>>>
>>>> Periodically, some of the records in one table have one field
>>>> updated to the following value:
>>>>
>>>>    <!--<1586567094>-->
>>>>
>>>> It is the most bizarre thing I have ever seen.  We have checked all
>>>> our servers and stored procedures for any occurrence of this value
>>>> in scripts or ASP pages but none exist.  We're fearing SQL injection
>>>> or similar but in our application this field is only updated from
>>>> one place and it's tight against hacking.
>>>>
>>>> If it was a hack we would think the value might be something else, so
>>>> we're presuming some sort of corruption or similar.  We're at a loss.
>>>>
>>>> Does anyone have any suggestions?
>>>>
>>>> Thanks and regards
>>>>
>>>> Mike
>>>>
>>>
>>> Well thanks guys.
>>>
>>> We have found one other record in this same table with a similar
>>> value, similarly meaningless.
>>>
>>> We did some analysis and it seems that only records created before
>>> the 12th July were affected.  This means the injection/corruption
>>> either happened on this date or some other conic.  23124 records have
>>> been affected out of a total of 45826, (some of which may have been
>>> updated back to a more meaningful description so are no longer
>>> included in the erroneous count).
>>> We've switched to using stored procedures for the updates to this
>>> table but I am not convinced we've found the problem.  The database
>>> is 85GB so playing at restoring backups is a nightmare.
>>>
>>> Regards
>>>
>>> Mike
>>
>> Switching to a parameterized stored procedure is certainly a good thing, 
>> but it might not be enough. This hacker inserted html into your table, 
>> which means that he is counting on you reading the data from the table 
>> and passing it to a client browser without encoding. Think of the 
>> ramifications if he had inserted something like <img src='webpage that 
>> downloads a keylogger'> into your table instead of the innocuous comment 
>> he did insert. Again, the fact that it was innocuous indicates to me that 
>> he was testing your defenses, seeing if he could cause html to be passed 
>> back to his client untouched.
>>
>> So, you also need to verify that you are correctly handling data 
>> retrieved from the database, using htmlencode when passing it to a 
>> client.
>>
>
> Hi Bob
>
> No, the value is shown on the Site as it appears in the database.  We 
> encode all our output.  Our end users brought this to our attention as 
> they could see the error value.  If someone entered an image tag, that is 
> what would display, not the image.  I was wondering if <!--< was some know 
> server side scripting tag.  I've come across a few such as <!--# and 
> <!--[ so wondered if this was something along those lines - perhaps even 
> trying to execute code server side.
>
> Thanks for your time on this.
>
> Mike
>

<!-- is simply a comment tag - normally values within the <!-- and --> tags 
are not displayed in the browser. <!--# is a special case in that it 
indicates a server side include (SSI) if the server application supports it, 
for instance it is used a lot in ASP applications for including common 
files. I've never seen <!--[, but that is again simply a comment tag if the 
[ has no special meaning to the server application processing the fikes.

Given that these entries are comments, it would seem odd that they would be 
the result of an attack as normally it's script tags that are injected in 
order to try to install something on browsers that visit the site. Are you 
sure someone hasn't been doing some testing on the database or server and 
inadvertently updated all these rows? Do the numbers have any relation to 
data in the row they are found in?

Dan 

0
Dan
7/28/2010 4:20:25 PM
Reply:

Similar Artilces:

Comparing Data
Hi All, Think this is probably an easy question but I just can't seem to figure out how to do it. I have 7 columns of data see example below. I want to compare the data in each column and come up with a separate list of all the names and how many time they occur. Column 1 Column 2 Column 3 Column 4 Column 5 Column 6 Column 7 Jo Ben Ben Jo Frank Henry Jo Ben Frank Henry Marge Frank Ben Henry Frank Frank Frank Such as a list now saying Jo 3 Ben 4 Henry 3 Frank 6 Marge 1 I have around 200 items in each column but not each column has them all in the s...

converting data into dozens
Hi, does anyone know an easy way of converting numerical data so that it calculates the results in dozens? For instance, if i wanted to add 3doz 11 and 2doz 3, it will result in 6doz 2. simple in principle, but have found no one who can come up with a formula for this. den Hi, how is the data arranged, i.e is 3doz in cell a1, and 11 in cell b1 etc? den wrote: >Hi, does anyone know an easy way of converting numerical data so that >it calculates the results in dozens? >For instance, if i wanted to add 3doz 11 and 2doz 3, it will result in >6doz 2. > >simple in principle, b...

Send data from a cell to a table
I have created a template excel sheet that I want to use to keep track of patients for a friend in the medical field. The friend will open the sheet and save it as the patient's last name. My problem is that he wants a billing sheet each day. I think that the solution is to have a cell in the template sheet that submits data to the next available cell in a table in a "master" excel sheet ... a sheet that keeps a running total of all entries. If such a cell were to exist in the template file, it should be copied to all new patient files. I'm not sure if this makes ...

Pull data from existing entries for a drop down box
I have a database that I put information in everyday with prospective bid invitations. There are times I get the same invitation from several different general contractors. I would like to be able to use a drop down box or as I'm typing the information will query the existing data and auto populate, kind of like Excel does. If you are saying you have duplicated information in your table, that is not a good design. You need to move this information into a separate table e.g. a general contractors table. Your tables would be: BidInvitations table: BidInvitationId Contrac...

eXtender question
Hello Everybody. We added an eXtender window to the Manufacturing Bill of Material window - we need to include several key fields (PPN, CPN, BoM Type) - When we create a view based on this window, the key fields all get concatenated into one. Is there a way around this? I need each of the individual key fields. Splitting them based on a fixed length per field is not an option. We are using GP10. Thank you for any help you can provide. You need to use EXT00100 table to split out key fields. On Sep 28, 12:39=A0pm, Maria <Ma...@discussions.microsoft.com> wrote:...

Data Validation on Cells
How can I restraint the user from entering odd numbers in the cell?( but I need the outcome to be in multiples of 5). Thanks. Ringo Tan Hi select the cell that you want to put the validation on and choose data / validation choose custom and type in the formula box =AND(MOD(A1,5)=0,MOD(A1,2)=0) where A1 is the current cell copy & paste special - validation as necessary Cheers julied "ringo tan" <ringo tan@discussions.microsoft.com> wrote in message news:AC2685D8-925E-4AF2-AE8A-713BC035C2B5@microsoft.com... > How can I restraint the user from entering odd numbers in...

Data type issue in excel sheets
Hi, I'm looking forward to valuable suggestions from experts,we are trying to port data from excel sheets to SQL Server2000,all the data gets transferred except one column.During import, the data type for that column shows as double BUT ACTUALLY THAT COLUMN HAS TEXT DATA.we tried changing that type to text/general it shows in excel as changed but while import shows type as DOUBLE.we are not able to make out where its type is set as double and even if that is the case how it accepts text data in that particular column?? Can anyone please enlighten us on this problem??we hav ego tstuck wit...

Spurious Duplication
Using Outlook 2000... On creating a new appointment, Outlook created about 20 instances of the appointment, all on the same date, all at the same times. I deleted each extra appointment, one at a time, until the intended single instance was displayed, and thought no more about it. It has now happened several times, and I can find no peculiar circumstances relating to them. I don't even know how to create the problem. Any ideas please ??? Vaughan ...

How to Foolproof data entry? DataForm
I am trying to make a worksheet protected from users manuall entering/editing data. I would like them to ONLY be able to Add/Edit data through the Data - Form utility. Does anyone know if there is a way to only allow inputting/editing o cells to only be done by Data -> Form? (if you protect the worksheetm DataForm won't allow Add/Edit either) Thanks : ----------------------------------------------- ~~ Message posted from http://www.ExcelTip.com ~~View and post usenet messages directly from http://www.ExcelForum.com Not totally sure about forms, but i presume there is some sort...

No data showing in query
I am new to Access and am using Access 2007. I wanted to create a query to bring data together from several tables to complete forms and form letters. I used the Query Wizard to create a query which selected data from the different tables. It worked fine and I was able to complete a form in Word. I have now used the the same process using the same tables for a couple of other queries but now there is no data in those datasheets. Anything I'm missing here? Thanks. There are three ways of creating a query. The query wizard, which you've used, is at one end of the &q...

How do I format the Auto Date font that is inserted
Sorry to bother with such a minor thing.... When creating a page that is captured from the web, a date and time is already inserted at the top of the page... which is great. The only problem is that it is so tiny and light colored font that it is hard to see. Is there a way to change that font? Thank you. Nancy PS- I just started using Onenote and it is a great program! I just love it. Perfect for what I need. Never mind... I see the answer in a previous post. Sorry, I thought I had read all the previous post headers. Nancy "Nancy" <weewee37@hotmail.c...

Data List
I have a workbook with multiple sheets. I want to have all my Data Lists for drop down menus on their own seperate worksheet within that workbook. It says in Excel instructions that it can be done but when I try to do it I get a pop up that says I can't have my data in a seperate worksheet. Is there a way around this? Thanks for any light......... If you give that range a nice name, you can have it on another sheet. Debra Dalgleish shows how: http://www.contextures.com/xlDataVal01.html#Name StompS wrote: > > I have a workbook with multiple sheets. I want to have all my Dat...

data entry help
I have a UserForm I am using to enter data for a monthly mileage program. The form has 1 combobox and several textboxes. Data will go into cells Sheet1!A8:F30. The combobox will be used to select one of several routine routes I take. The textboxes are for Date, OdometerStart, OdometerEnd, TotalMiles, Home/WorkMiles, and BusinessMiles. The Combobox has a rowsource to Sheet2!a1:a8. There are 3 things I need help with. First, I would like excel to start putting in data at Sheet1!a8 the first time I open the template, and then find the first empty row for each following entry. Second, when...

Summarization of Excel data
I need to summarize (subtotal) rows in an Excel spreadsheet. The subtotal command gets me part of the way there, but I need more functionality. I have 1000 records that I want to subtotal amount by customer number. But, I also need the customer name, address, record count, etc. in the subtotal record. I would like to be able to use an sql statement to do it, but don't know if possible. Any ideas? I don't know, but it sound like a job for a pivot table to me. As long as your dataset isn't dreadfully huge, I think it would do the trick. Eric Try DATA, SUBTOTAL This will m...

Autofilter on date fields should refelct the underlying data (rat.
I have a sheet with a list of dates formatted "ddd dd mm yy". It would be useful to be able to jump to a particular date using autofilter, but the drop down box offers the various dates in an order determined by the formatted version of the date (all Fridays, then Mondays, Saturdays, Sundays, Thursdays, Tuesdays and Wednesdays). It would be more helpful if the drop down box looked at the underlying date data and ordered the alternatives accordingly. Format them as "dd mm yy ddd". HTH Jason Atlanta, GA >-----Original Message----- >I have a sheet with a lis...

Labelling data points in a scatter chart
I'm having trouble editing data points to include text labels on what these data points represent. I'm using a scatter chart and have plotted the points to be just where I need them. I now need to attach text to each data point describing what it represents. Is this possible? Many thanks, Iain Hi, There is no built in way to link data labels to cells. But with the aid of this free addin you can do it. http://www.appspro.com/Utilities/ChartLabeler.htm Cheers Andy -- Andy Pope, Microsoft MVP - Excel http://www.andypope.info "iaintw" <iaintw@discussions.microsoft.c...

Importing data into public folder
I have 3 calendars that i am trying to import into the public folder and i am not sure how to go about doing this. The 3 calendars are in .pst format but i do not know what program i should use to import the calendars. I have used exmerge before for importing pst files how ever i do not know how to use it to import calendar's into a public folder. On Mon, 27 Nov 2006 11:35:48 -0500, "Jef A" <jef.aldrich@tatumllc.com> wrote: >I have 3 calendars that i am trying to import into the public folder and i >am not sure how to go about doing this. The 3 calendars are...

data type mismatch
I am working on a report that should return only current members. In the CommitmentDate table, each time a member renews, their renewal date is entered along with the enrollment period which is typically one year. I created a query to give me the date to which the membership is valid. So if a member renews 7/29/2009 for one year, the query returns 7/29/2010 as the "valid to" date. Another column sorts them into "current" or "expired" members based on the current date. The query is working and it follows: SELECT MemberCommitmentDates.MemberLookup, ...

Spurious data being inserted in field
Hello Periodically, some of the records in one table have one field updated to the following value: <!--<1586567094>--> It is the most bizarre thing I have ever seen. We have checked all our servers and stored procedures for any occurrence of this value in scripts or ASP pages but none exist. We're fearing SQL injection or similar but in our application this field is only updated from one place and it's tight against hacking. If it was a hack we would think the value might be something else, so we're presuming some sort of corruption or sim...

Problem writing Outlook data to Access table
I have been able to affect outlook and pull information from outlook and display it via MSGBOX and now a form. But it does not write the data to the table I created for it. I tried many ways to get and write the data, but nothing shows up in the table. What is wrong?? Private Sub cmdSaveNewRecords_Click() Dim objApp As Outlook.Application Dim objNS As Outlook.NameSpace Dim objFolder As Outlook.MAPIFolder Dim objDummy As Outlook.MailItem Dim objRecip As Outlook.Recipient Dim objAppt As Outlook.AppointmentItem Dim strMsg As String Dim strName As...

Table Data Missing
I'm using Excel 2007. I have created a table with customer numbers, names, status, and several other columns. I named this table including the header row 'Mortgage_Pay_Table'. Excel automatically named the table EXCLUDING the header as 'Table4'. This table has 37 rows excluding the header numbers from 100 to 136 in the first column. This table is formatted correctly for visual appearance, ease of data entry, and printing. I am trying to make a near 'duplicate' of this table on another sheet that would be hidden to generate raw data for analysis w...

Transfering data between sheets
Hi! Here is a tough one to crack! I want to transfer data from a particular cell in one sheet to a particular cell in the new sheet which I start a week later. That means- I need a function that will get data from the last sheet i.e. (n-1) to nr. (n) sheet which I establish subsequently every week.Each new sheet is numbered as (n+1) Hope I have explained it such that you can understand my query! Hi This macro adds a sheet at the end of a workbook, then copies the valu of cell A2 in the previously last sheet into cell A1 of the newly adde sheet Sub New_sheet() n = Sheets.Count Sheets.Add aft...

TO field no longer parses names correctly
I have some email distribution lists that I keep in plain text in this format: Smith, John; Cooper, Katy; I've always been able to copy and paste the plain text into the TO field, clicked on Check Names, and they would all be underlined, meaning that Exchange had looked them all up and verified them in the corporate address book. But now when I do that, it gives me an error message "Outlook found more than one Smith". If I click "Cancel", the TO field will convert all the commas into semicolons and really be messed up. Anyone know why this happened? Thanks. On Feb ...

Get data from a Delphi grid data
Hi, I have to write an MFC application that capture data from the Exe application that was created by Delphi , this control name is TStringGrid, it looks like the CListCtrl in MFC. I could capture the windows handle, the control handle. but I did not know how to get data from this cotrol because this control dont use the massage like the CListCtrl in MFC .... Anyone knows how to solve this problems?? Thanks ...

Data from Access query to Excel
To pull data from an Access 2003 database, I have created the queries in Access, then import into Excel. The problem is that all the numbers that are pulled into Excel are text and need to convert them into numbers to run formulas on. I have converted a few sheets by hand, but, some have will over 50,000 rows. Is there a function to select all number colums (the colums are the same through out the sheets) and convert? Thanks There are instructions here for converting text to numbers: http://www.contextures.com/xlDataEntry03.html You can select all the columns, and only the num...