I'm having troubles to save, get and compare a crypto hash from mysql DB.
As mentioned, i'm using 'crypto' module in order to generate hash (that hash includes special charachters).
My table is using "utf8_unicode_ci" collation.
Beacause of those special chars, I had troubles saving the hash to the DB.
So, I've tried to use this method:
exports.real_escape_string = function real_escape_string(str) {
return str.replace(/[\0\x08\x09\x1a\n\r"'\\\%]/g, function (char) {
switch (char) {
case "\0":
return "\\0";
case "\x08":
return "\\b";
case "\x09":
return "\\t";
case "\x1a":
return "\\z";
case "\n":
return "\\n";
case "\r":
return "\\r";
case "\"":
case "'":
case "\\":
case "%":
return "\\" + char; // prepends a backslash to backslash, percent,
// and double/single quotes
}
});
};
That worked and it did manage to save the hash to the DB, but for some reason when saving it to the DB it changes the hash itself.
I'm using the famous mysql module in order to access and perform actions on mysql database:
var mysql = require('mysql');
What else can I try ?
Use base64 when saving to the DB, and then decode when reading.
Related
Trying to replicate the following MySQL query in Hibernate using CriteriaBuilder. This query adds first and last name, removes all whitespaces in between and search for results that matches the given string.
select * from users where replace(concat(first_name, last_name), " ", "") like 'jamesbon%';
final CriteriaBuilder criteriaBuilder = getCurrentSession().getCriteriaBuilder();
final CriteriaQuery<UserImpl> userCriteriaQuery = criteriaBuilder.createQuery(UserImpl.class);
final Root<UserImpl> userRoot = userCriteriaQuery.from(UserImpl.class);
// criteriaBuilder.concat(userRoot .get("firstName"), userRoot .get("lastName"))
Concat is available through the builder, so all you really need to add is the replace function.
What you need to do is create a class that implements org.hibernate.boot.spi.MetadataBuilderInitializer and use it to register the functions with Hibernate. Let's say your class is called com.project.hibernate.MetaContrib
package com.project.hibernate;
import org.hibernate.boot.MetadataBuilder;
import org.hibernate.boot.registry.StandardServiceRegistry;
import org.hibernate.boot.spi.MetadataBuilderInitializer;
import org.hibernate.dialect.function.StandardSQLFunction;
import org.hibernate.type.StringType;
public class MetaContrib implements MetadataBuilderInitializer {
#Override
public void contribute(MetadataBuilder metadataBuilder, StandardServiceRegistry serviceRegistry) {
metadataBuilder.applySqlFunction("str_replace", new StandardSQLFunction("replace", StringType.INSTANCE));
metadataBuilder.applySqlFunction("regex_replace", new StandardSQLFunction("REGEXP_REPLACE", StringType.INSTANCE));
}
}
The next step is to tell Hibernate to load this, by creating a file in the META-INF/services directory in your resources, called org.hibernate.boot.spi.MetadataBuilderInitializer. If such a directory doesn't exist, create it. The file has to contain the full name of the implementing class, and end in a new line.
Finally to use it:
expr1 = criteriaBuilder.concat(userRoot.get("firstName"), userRoot.get("lastName"));
expr2 = criteriaBuilder.function("str_replace", String.class, expr1, " ", "");
expr3 = criteriaBuilder.like(expr2, cb.parameter(String.class, "sv"));
userCriteriaQuery.where(expr3)
return createQuery(userCriteriaQuery)
.setParameter("sv", "jamesbon%")
.getResultList();
Detailed explanation:
The CriteriaBuilder creates a JPQL query. Your function expression becomes something like:
... WHERE function('str_replace', concat(u.firstName, u.lastName), ' ', '') LIKE :sv
Which when rendered to a native query will look like:
where replace(concat(u0.first_name, u0.last_name), ' ', '') like :sv
The function was registered under the name str_replace in JPQL, but it can be any name you choose. It's the name you give to the StandardSQLFunction constructor that tells it what the native name is.
Then further down the :sv internally becomes a ?, and when you use setParameter it tells the JDBC driver to safely send the string at that position.
However if you want to remove all whitespace, instead of merely all 0x20 space characters, you should use a regular expression like \s+ with the other function I put in MetaContrib. You can only do so if your MySQL is 8.0.4 or newer, or MariaDB 10.0.8 or newer. That function exists in the MariaDB10Dialect, so if you are using MariaDB, you may not need the MetaContrib class.
I am implementing fingerprint authentication for my angular app using node tcp server in my scenario the bio metric device return the string of special characters to my node server which includes special characters like single and double like ##$'%" i wanted to store this complete string to database with single as well as double quotes. i have following query
var fingerPrint = '##$'%"'
db.query("insert into tbl_name (id, tempalte) value ('"+fingerPrint+"','')", (err, result)=>{
console.log(result)
})
but when string contain double quotes the query terminates as well as the problem with single quote. is there is any way to achieve this mechanism.
Thanks in advance
Here's one way to do it, using MySQL in NodeJs. This is what you can try:
let fingerPrint = `'##$'%"'`;
let addQuery = "INSERT INTO tbl_name (id, template) VALUES (?,?)";
let values = [1, fingerPrint];
db.query(addQuery, values, function (err, result) {
if (err) {
return console.error(err.message);
}
console.log("Number of records inserted: " + result.affectedRows);
})
Try
encodeURI() and decodeURI() it may work
I am building a REST-Interface for some Application and I use JPA and Hibernate to access a SQL-Database.
Now I am trying to check if a given nickname already exists.
I am doing it this way:
CriteriaBuilder builder = this.entityManager.getCriteriaBuilder();
CriteriaQuery<DBUser> query = builder.createQuery(DBUser.class);
Root<DBUser> from = query.from(DBUser.class);
Predicate uniqueNickname = builder.equal(from.get(DBUser_.nickName),newNickname);
query.select(from).where(uniqueNickname);
if (this.entityManager.createQuery(query).getResultList().size() == 0) {
//ok
} else {
//not ok
}
If I now have a User TEst in the database and newNickname="teST"
it puts the User TEst into the resultlist.
(I checked what the name in the resultlist is and it says TEst)
I am using the mysql connector "mysql-connector-java-6.0.6.jar".
Normally, CriteriaBuilder#equal is case-sensitive, you can achieve equals ignore case by comparing strings in uppercase variant:
Predicate uniqueNickname = builder.equal(builder.upper(from.<String>get(DBUser_.nickName)),
newNickname.toUpperCase());
In your case, the DB ignore the case sensitive completely.
Checking your MySQL DB and change the collation setting (the collation with _ci suffix is case-insensitve)
I am trying to do an easy search on a table that can be on any kind of database. The following query is working an the most databases, but I cannot find a solution which works on mysql.
The tables in my database are generated by the active objects framework, so I cannot change the names or config of those instances.
Here is the query that works fine on all databases but MySQL:
select * from "AO_69D057_FILTER" where "SHARED" = true AND "CONTAINS_PROJECT" = true AND UPPER("FILTER_NAME") like UPPER('%pr%').
MySql is not able to use the table name in double quotes for some reason. If I use the unquoted table name it works on MySQL but not on Postgres. Postgres is converting the table name to lowercase because it is unquoted. AO is generating the table names in upper case.
I also tried to use an alias, but that can not work because of the evaluation hierarchy of the statement.
Any suggestions how to get rid of the table name problem?
By default double quotes are used to columns.
You can change it:
SET SQL_MODE=ANSI_QUOTES;
Here is the documentation about it:
http://dev.mysql.com/doc/refman/5.7/en/sql-mode.html
I had the same problem. I select the query according to the exception I get. In the first call of the db search, I try without quotes if it fails then I try with quotes. Then I set useQueryWithQuotes variable accordingly so that in future calls I do not need to check the exception. Below is the code snipped I am using.
private Boolean useQueryWithQuotes=null;
private final String queryWithQuotes = "\"OWNER\"=? or \"PRIVATE\"=?";
private final String queryWithoutQuotes = "OWNER=? or PRIVATE=?";
public Response getReports() {
List<ReportEntity> reports = null;
if(useQueryWithQuotes==null){
synchronized(this){
try {
reports = new ArrayList<ReportEntity>( Arrays.asList(ao.find(ReportEntity.class, Query.select().where(queryWithoutQuotes, getUserKey(), false))) );
useQueryWithQuotes = false;
} catch (net.java.ao.ActiveObjectsException e) {
log("exception:" + e);
log("trying query with quotes");
reports = new ArrayList<ReportEntity>( Arrays.asList(ao.find(ReportEntity.class, queryWithQuotes, getUserKey(), false)));
useQueryWithQuotes = true;
}
}
}else{
String query = useQueryWithQuotes ? queryWithQuotes : queryWithoutQuotes;
reports = new ArrayList<ReportEntity>( Arrays.asList(ao.find(ReportEntity.class, query, getUserKey(), false)));
}
...
}
I need to convert a table into a comma separated list in order to save it to a text file. Is there a built in method for doing this in Lua?
If your table is an array, you can use table.concat to print CSVs:
t={10,20,30}
print(table.concat(t,","))
outputs 10,20,30.
There isn't a built in function, but there are examples onthe web.
This is a decent one actually.
No, there is not a "built in" function for this. But it's not hard to do it yourself. I keep a script around for recursively writing Lua tables directly to files as Lua scripts, which can then be loaded and executed like Lua scripts.
--This file exports a function, WriteTable, that writes a given table out to a given file handle.
local writeKey = {};
function writeKey.string(hFile, value, iRecursion)
WriteFormatted(hFile, "[\"%s\"]", value);
end
function writeKey.number(hFile, value, iRecursion)
WriteFormatted(hFile, "[%i]", value);
end
local writeValue = {};
function writeValue.string(hFile, value, iRecursion)
WriteFormatted(hFile, "[==[%s]==]", value);
end
function writeValue.number(hFile, value, iRecursion)
WriteFormatted(hFile, "%i", value);
end
function writeValue.boolean(hFile, value, iRecursion)
if(value) then hFile:write("true"); else hFile:write("false"); end;
end
function writeValue.table(hFile, value, iRecursion)
WriteTable(hFile, value, iRecursion)
end
local function WriteFormatted(hFile, strFormat, ...)
hFile:write(string.format(strFormat, ...));
end
local function WriteForm(hFile, strFormat, ...)
hFile:write(string.format(strFormat, ...));
end
local function WriteTabs(hFile, iRecursion)
for iCount = 1, iRecursion, 1 do
hFile:write("\t");
end
end
function WriteTable(hFile, outTable, iRecursion)
if(iRecursion == nil) then iRecursion = 1; end
hFile:write("{\n");
local bHasArray = false;
local arraySize = 0;
if(#outTable > 0) then bHasArray = true; arraySize = #outTable; end;
for key, value in pairs(outTable) do
if(writeKey[type(key)] == nil) then print("Malformed table key."); return; end
if(writeValue[type(value)] == nil) then
print( string.format("Bad value in table: key: '%s' value type '%s'.", key, type(value)));
return;
end
--If the key is not an array index, process it.
if((not bHasArray) or
(type(key) ~= "number") or
not((1 <= key) and (key <= arraySize))) then
WriteTabs(hFile, iRecursion);
writeKey[type(key)](hFile, key, iRecursion + 1);
hFile:write(" = ");
writeValue[type(value)](hFile, value, iRecursion + 1);
hFile:write(",\n");
end
end
if(bHasArray) then
for i, value in ipairs(outTable) do
WriteTabs(hFile, iRecursion);
writeValue[type(value)](hFile, value, iRecursion + 1);
hFile:write(",\n");
end
end
WriteTabs(hFile, iRecursion - 1);
hFile:write("}");
end
There is not a built in way, but there are a number of options that are relatively easy if you want to build it yourself. Here are some links that can help you figure out how you want to put it together:
http://www.lua.org/pil/12.1.html
http://lua-users.org/wiki/TableSerialization
Yes, there is a builtin method, and its been around for a very long time.
-- table.concat
local line = { "Fred", 20, 4.000 }
print(table.concat(line,","))
Output: Fred, 20, 4.000
You can convert a table to a string using this function, and simply choose a "," for a separator.
You can also add a function that runs during concatenation and detects how many properties you have written, then add a new line - you can make a very complex converter if you need.
My recommendation is to break each "line" of comma separated tables and concat each one with "," then write it out. This way you can be sure that you can handle large numbers of lines, and that each line is correctly formatted.
Caveats:
You will have to handle strings with commas, quotes and so forth.
This method is mainly for ordered tables (lists or arrays). They must be indexed.
If you need to do processing on your values in the table, do it first. Then concat.
Reference for concat:
http://www.lua.org/manual/5.1/manual.html#pdf-table.concat