Removing URL encoding from Active Record query - mysql

I'm in over my head as always, but it's the only way I learn. Right now I am trying to query a column in a database for the current user and return the values. I'm using something like:
#tags = current_user.tags.select(:name).each { |p| p.name}
But it returns:
%5B%23%3CTag+name%3A+%22tag1%22%3E%2C+%23%3CTag+name%3A+%22tag2%22%3E%2C+%23%3CTag+name%3A+%22tag+test%22%3E%5D
From what I understand is that's Url Encoding. Is it possible to clean that up? I've tried using .delete or .gsub but I must be doing something wrong. Any insight? All my research on the site yields how to URL encode, but not URL decode.

For URI encoding/decoding you can take a look at rubyonrails.org:URI::Escape
For displaying HTML in Rails views check out the raw() method rubyonrails.org:ActionView::Helpers::OutputSafetyHelper

Related

Using query as a query parameter

I am using poorly documented API, so I suppose that there is a common practice since they didn't explained the way it should be used. API endpoint supports following query parameters: query (string) and pageNumber (integer) - the part that confuses me is query inside of query.
For example, I want to check all orders with property that has some value: https://api.logsta.com/orders?query=orderIdentifier=106300 but it doesn't work. For me, the natural behaviour would be https://api.logsta.com/orders?orderIdentifier=106300 but this is impossible since they require this query query parameter.
Based on your experience, what should I pass into this query to make it work? Is it a SQL expression or there is a standardized approach?
you can use url encode
?query=orderIdentifier%3D106300
I found the solution, and it works, so I hope that this scenario could be useful to someone.
https://api.logsta.com/orders?query=orderIdentifier:300000169928409
instead of using = again or URL encoding, they are accepting :

How to escape especial charters like < > in sql query?

the description should look like - Aircraft Configuration function in the <TypeCode> field. but it's displaying in DB as it is but when checked in UI by retrieving it's displaying like ---"Aircraft Configuration function in the field." here the <typecode> converted into HTML in UI screen.
what other ways I have tried are:
update tblApplicationParam
set fldValueDescription = 'Aircraft Configuration function in the /<TypeCode/> field'
still it didn't fix my problem.
when parameter retrieved in UI screen the description should show up like this --Aircraft Configuration function in the <TypeCode> field.
encode < as < and > as > -- you could either do it in your code with your chosen language's preferred HTML escaping method, or you could do it in SQL, but this means you'd have to update the SQL every time you encountered a symbol that has special meaning in HTML. You should prefer to use a HTML escaping function in your code.

JSON Queries - Failed to execute

So, I am trying to execute a query using ArcGIS API, but it should match any Json queries. I am kind of new to this query format, so I am pretty sure I must be missing something, but I can't figure out what it is.
This page allows for testing queries on the database before I actually implement them in my code. Features in this database have several fields, including OBJECTID and Identificatie. I would like to, for example, select the feature where Identificatie = 1. If I enter this in the Where field though (Identificatie = 1) an error Failed to execute appears. This happens for every field, except for OBJECTID. Querying where OBJECTID = 1 returns the correct results. I am obviously doing something wrong, but I don't get it why OBJECTID does work here. A brief explanation (or a link to a page documenting queries for JSON, which I haven't found), would be appreciated!
Identificatie, along with most other fields in the service you're using, is a string field. Therefore, you need to use single quotes in your WHERE clause:
Identificatie = '1'
Or to get one that actually exists:
Identificatie = '1714100000729432'
OBJECTID = 1 works without quotes because it's a numeric field.
Here's a link to the correct query. And here's a link to the query with all output fields included.

Mysql SQL to update URLs that do not have www

I have a million odd rows where most start
'http://www.' or 'https://www.'
but occasionally they start with no 'www.' - this may be correct but the website owner wants consistency throughout the data and thus I need to update the table to always have 'www.'
I'm struggling with the SQL to do this. I tried:
select * from the_million where URL like 'http://[!w]'
But that returns 0 records so I've fallen at the first hurdle of building up the SQL. I guess after I've got the records I want I'll then do a replace.
I'm happy to run this in two goes for each of http and https so no need for anything fancy there.
You can try this query:
UPDATE the_million SET url=REPLACE(url, 'http://', 'http://www.')
WHERE url NOT LIKE 'http://www.%' AND url NOT LIKE 'https://www.%'
UPDATE the_million SET url=REPLACE(url, 'https://', 'https://www.')
WHERE url NOT LIKE 'http://www.%' AND url NOT LIKE 'https://www.%'
Search & replace in 2 queries.
try this
select * from the_million where URL not like 'http://www.%'
This condition:
URL like 'http://[!w]'
... is identical to this one:
URL='http://[!w]'
because it doesn't contain any valid wildcard for MySQL LIKE operator. If you check the MySQL manual page you'll see that the only wildcards are % and _.
The W3Schools page where you read that [!charlist] is valid identifies the section as "SQL Wildcards" which is misleading or plain wrong (depending on how benevolent you feel). That's not standard SQL at all. The error messages returned by their "SQL Tryit Editor" suggest that queries run against a Microsoft Access database, thus it's only a (pretty irrelevant) SQL dialect.
My advice:
Avoid W3Schools as reference site. Their info is often wrong and they apparently don't care enough to amend it.
Always use the official manual of whatever DBMS engine you are using.
Last but not least, the good old www prefix is not a standard part of the HTTP protocol URIs (like http://); it's only a naming convention. Preppending it to an arbitrary list of URLs is like adding "1st floor" to all your customer addresses. Make sure your client knows that he's paying money to corrupt his data on purpose. And if he feels generous, you can propose him to replace all https: with http: as well.

how to save html to a database field

i have an tiny editor web page where my users can use this editor and i am saving the html into my database.
i am having issues saving this html to my database. for example if there is a name with a "'" or if there are other html character "<,",">" etc, my code seems to blow up on the insert.
Is there any best practices about taking any arbitrary html and have it persist fully to a db field without worrying about any specific characters.
I'm wondering if you are building the full query. Instead use a parameterized query and that should eliminate your data problems.
string sqlIns = "INSERT INTO table (name, information, other) VALUES (#name, #information, #other)";
SqlCommand cmdIns = new SqlCommand(sqlIns, db.Connection);
cmdIns.Parameters.Add("#name", info);
cmdIns.Parameters.Add("#information", info1);
cmdIns.Parameters.Add("#other", info2);
cmdIns.ExecuteNonQuery();
do you insert using SqlParameter? If yes, you should not have problems, check that.
You could just HtmlEncode the data.
You'll have a HttpContext.Current.Server object, so in pseudo code you'd just do:
Database.Save(HttpContext.Current.Server.HtmlEncode(myHtml));
and to retrieve it:
myHtml = HttpContext.Current.Server.HtmlDecode(DataBase.Load());
Just reading through this - is your problem actually on the insert statement or do you get a problem from the web server before it ever hits your controller? Noticing that you tagged the question with asp.net-mvc, you may need to make sure that you have decorated your controller method with the [ValidateInput(false)] attribute.