I'm having trouble understanding the syntax computed response text in Watson Assistant. For example the following works
intents = <? input.text.contains( 'intents' ) ? intents : 'NA' ?>
but does not produced the desired result which is to make "intents =" conditional as well. The obvious attempt with
<? input.text.contains( 'intents' ) ? 'intents =' intents : 'NA' ?>
does not work (and simply echos the entire expression above as text).
What am I doing wrong here? What is the syntax nested expressions in Watson Assistant?
The following configuration works in the UI:
The syntax is based on SpEL and some is documented specifically for WA here. You could write that with a ternary operator.
The problem I had with your question is that "intents" is a reserved word. It is the variable holding the detected intents. It can be accessed in different ways.
For the ternary operator and string concatenation as expression use:
<? intents.size() > 0 ? 'intents ='+intents : 'NA' ?>
Related
I'm trying to exploit an SQL injection on a website (in the name of Science, of course). After some tests I found how the back-end works. The SQL query is formed like this:
$query = 'SELECT * FROM TABLE WHERE ID ='.$segment
where $segment is the second path segment from the URL. In case of http://vict.im/menu/10 it equals 10. Symbols /, # and everything after them is ignored, so the previous link, http://vict.im/menu/10/blah-blah and http://vict.im/menu/10#blah-blah give the same result.
The problem here is that the segment-parser doesn't URLdecode() the segment. If I send .../menu/30 ; it will be encoded to .../menu/30%20;, and MySQL will interpret it as remainder of division, returning us result where ID = 10. By the same reason + is not replaced for whitespace, it works as an operator.
So, it's needed to make an injection that doesn't contain any symbols usually encoded by web browsers. For example, .../menu/(10)or(1=1), boolean-based injection .../menu/9+(USER()='Smith') and .../menu/CONCAT('1','0') work fine.
How can I explain this situation to Sqlmap? Is there a tamper script for this? Are there any other ways to bypass this "protection"?
P.S. It seems following symbols can be used: ! $ & ' ( ) * + , : ; = ? # [ ] plus mixalpha-numeric.
I've got a problem with full-text search query. It is being sent from the inside of Symfony (2.8) controller, if that's important. The code is:
// not processed text (apart from multiple spaces) from form:
$searchTerm = preg_replace('!\s+!', ' ', trim($data['query']));
// for full-text search:
$searchTermPhrase = str_replace(' ', '* ', $searchTerm) . '*';
$entityManager = $this->getDoctrine()->getManager();
// as far as I remember, query taken from StackOverflow after some tests
$statement = $entityManager->getConnection()
->prepare(
"SELECT COUNT(id) AS books_count
FROM book
WHERE
MATCH(title) AGAINST (:searchTermPhrase IN BOOLEAN MODE) > 5
AND active = true
");
$statement->execute(array('searchTermPhrase' => $searchTermPhrase));
$titlesCount = $statement->fetch();
$titlesCount = $titlesCount['books_count'];
Now, it works great. Most of the time. But if user puts some special chars inside, for example (title), "title" etc., it fails:
SQLSTATE[42000]: Syntax error or access violation:
1064 syntax error, unexpected $end, expecting
FTS_TERM or FTS_NUMB or '*'
I don't get it, I use parametrized query, it should automatically take care of such cases...? I don't want to end up stripping all non-alphanumeric characters, or testing, which exactly cause problems, but I'm out of ideas.
Looks like this is InnoDB issue, see this report https://bugs.mysql.com/bug.php?id=72605. I've faced with same issue, changed engine to MyISAM it started to work
Well, as mentioned, got the same problem. I looked at our code and it is clear that BOOLEAN MODE causes this problems.
First of all: "title" should work, while "title should throw the error above.
Take a look at all the boolean operators: https://dev.mysql.com/doc/refman/8.0/en/fulltext-boolean.html
With this mode you can provide great search experience by letting the user search for apples but not bananas: +apple -banana. But wrongly entered Parenthesis or Quotes break it logic.
Question is: is there a regex or function to detect if the search term is valid for boolean mode? Else it should default to natural language mode.
I'm totally new in yii2 and I want to know what does it mean the colon in the query?
I have made a research about binding parameters, but in the yii2 documentation says:
// returns all inactive customers
$sql = 'SELECT * FROM customer WHERE status=:status';
which side is from the data base? the left side or the right side?
which is a simple text and which one is a column from the DB? Im so confused.
what would be another way to make the query without the colon? is it valid?
why it has 'anyo = **:**valor' in the next example? and some others dont?
$dbLibro = Libro::find()->where('tipo = "Nacimiento"')->andWhere('cerrado = 0')->andWhere('anyo = :valor',[':valor'=>date("Y")])->one();
I hope its clear cause the documentation is a bit confusing for me.
The colons are not directly related with Yii2, it's related with PHP PDO extension that used by Yii2.
Each colon is placeholder used later for binding value. Check for example this question.
If we write this query in ActiveQuery:
SELECT * FROM customer WHERE status = :status
we can get something like this:
$query = Customer::find()->where('status = :status', [':status' => Customer::STATUS_ACTIVE]);
Assuming STATUS_ACTIVE constant equals to 1, after execution it transforms to this:
SELECT * FROM "customer" WHERE status = 1
So the left side (before equals) represents column name, right part - value which will be safely binded after.
But you don't have to write params by yourself, Yii2 QueryBuilder generates it automatically for you.
There are other ways to write query without colons and they are used more often. This query can be written like this:
$query = Customer::find(['status' => Customer::STATUS_ACTIVE]);
$models = $query->all();
Or like this using shortcut:
$models = Customer::findAll(['status' => Customer::STATUS_ACTIVE]);
Or it can be even put inside of a scope:
$models = Customer::find()->active();
In this case Yii generates parameters automatically and it will be equivalent to this:
SELECT * FROM "customer" WHERE "status"=:qp1
Value 1 will be binded to :qp1 parameter, note that in this case column names are also double quoted.
If you try to use more conditions, params will be :qp2, :qp3 and so on (default PARAM_PREFIX is :qp).
As for your second query, it can be rewritten like this:
$model = Libro::find()
->where([
'tipo' => 'Nacimiento',
'cerrado' => 0,
'anyo' => date('Y'),
])->one();
Such queries look way better and readable in this state.
Yii2 allows generate even more complex conditions in queries, check this section of the docs for more details.
P.S. It's better to use english for naming in your code. Think about other international developers supporting your code. date('Y') can be calculated using database functions depending on used RDBMS.
I am using DBIx::Class and I would like to select rows based on what day of the year they were inserted on. Below is my query:
$rows = $c->model("DB::Test")->search(
{
"DAYOFYEAR(entry_time)"=>$day_of_year,
});
However this doesn't work because DBIx::Class treats DAYOFYEAR(entry_time) as a column. Is there anyway I could have it use that value litteraly? I know sometimes making it a scalar such as \'DAYOFYEAR(entry_time)' will work for some situations, but I've tried that and it doesn't work. Does anyone know of a way that I could do this? Thanks!
Using \ and 'DAYOFYEAR(entry_time)' is the right approach, and part of the FAQ.
[How do I] .. search with an SQL function on the left hand side?
To use an SQL function on the left hand side of a comparison you currently need to resort to literal SQL:
->search( \[ 'YEAR(date_of_birth) = ?', [ plain_value => 1979 ] ] );
Note: the plain_value string in the [ plain_value => 1979 ] part should be either the same as the name of the column (do this if the type of the return value of the function is the same as the type of the column) or in the case of a function it's currently treated as a dummy string (it is a good idea to use plain_value or something similar to convey intent). The value is currently only significant when handling special column types (BLOBs, arrays, etc.), but this may change in the future.
I have the following where clause in a t-sql statement:
where a.CELL_GEOM.STIntersects(
STGeomFromText('POLYGON((-25.43623984375 44.257784519021, 21.62918984375 44.257784519021, 21.62918984375 60.752403080295, -25.43623984375 60.752403080295, -25.43623984375 44.257784519021))', 4326)) = 'true'
The line reports the error:
'STGeomFromText' is not a recognized built-in function name.
How can I use the well known text value shown in this function? Am I just using incorrect syntax with the STGeomFromText as that is the only example I have seen.
Try prefixing the name of the function with geometry:: like in the documentation?
E.g. : geometry::STGeomFromText( ...
Link to documentation