I'm facing a non usual issue while using criterias. I want to do a criteria with a like clause but the text contains special chars like the bracket char "[" and it seems that it's a special char in MSSQL database.
From an sql query I must use the special wording ESCAPE see example :
AND file1.FILE_NAME like '%[Main profile picture]%' **ESCAPE '['**
But I dont know how I can do the same using criteria. I'm currently using this clause temporarily :
criteria.add(Restrictions.like("files.fileName", "%Main profile picture%"));
but that's not what I want I really need to escape the '[' char.
Can somebody help me with this please...?
Thank you for your help!
Related
So I am trying to write a custom query for h2 using its JSON_OBJECT function. JSON_OBJECT uses a format of JSON_OBJECT(key:value) so as a simple example in my Spring repository I am writing a query like #Query(value = "SELECT JSON_OBJECT('id':1)", nativeQuery = true)
When executing that same query in the h2-console it operates as expected but in Spring the colon(':') is treated as a special character for variable insertion so when testing it, it tries to map the following value as a variable which of course throws an error.
I've tried escaping the colon with \\ and \\\\ and putting a space between the colon and the value but doesnt seem to help.
Any ideas on how to either escape the char or make spring think the colon is an acceptable character?
Actually you can simply use the alternative syntax JSON_OBJECT(KEY 'id' VALUE 1), there is no need to use escaped \\:, escape sequences make your query less readable.
I have data coming from html contact form which i am sending in a email through a java webservice. Everything is working fine but when user inserts data containing apostrophe (single quote) insert fails.
Pls help me to understand How and where to handle this data.
TIA
You just need to use Prepared Statements,it will escape special characters and avoid SQL_injection
You can use Prepared Statements, and you can just escape all special characters like single quote, double quote etc. before inserting in the database.
EDIT:
I changed the hard coded query to be:
query.setParameter("desc", "%unplug //your// server... enjoy the freedom%" ESCAPE '//')
and now I am getting an com.sun.jdi.InvocationException occurred invoking method.
There's no stacktrace produced either.
I have a description column in my PostgreSQL database and I am trying to query it with a 'LIKE' clause, however I am unable to get any results. Here's an example:
Query query = em.createQuery("from MyClass c WHERE c.description LIKE :desc");
query.setParameter("desc", "%unplug /your/ server... enjoy the freedom%");
In the database I have many descriptions containing a substring of the above text. I've done a lot of research and looked into escaping special chars etc, but nothing has worked.
I am missing something, I just cannot figure out what that is.
Most likely the slash / is messing up the parsing in PG. Turn the parameter into a quoted literal. Unless you are certain that no special characters go into string arguments (i.e. you control the strings), this is always a good idea to avoid SQL injection.
query.setParameter("desc", "quote_literal('%unplug /your/ server... enjoy the freedom%')");
I have a table of project in which i have a project name and that project name may contain any special character or any alpha numeric value or any combination of number word or special characters.
Now i need to apply keyword search in that and that may contain any special character in search.
So my question is: How we can search either single or multiple special characters in database?
I am using mysql 5.0 with java hibernate api.
This should be possible with some simple sanitization of you query.
e.g: a search for \#(%*#$\ becomes:
SELECT * FROM foo WHERE name LIKE "%\\#(\%*#$\\%";
when evaluated the back slashes escape so that the search ends up being anything that contains "\#(%*#$\"
In general anything that's a special character in a string can be escaped via a backslash. This only really becomes tricky if you have a name such as: "\\foo\\bar\\" which to escape properly would become "\\\\foo\\\\bar\\\\"
A side note, please proof read your posts prior to finalizing. Its really depressing and shows a lack of effort when your questions title has spelling errors in it.
i am searching names using the wildcard query it works fine however when we do search for ascii characters it is not working well
like when user search for "Hélè*", its not able to search.
note that i have already created analyzer that does ascii folding and lowercase on name field.
also its working fine when we do search in query_string. does that mean wildcard is not analyzing the ascii folding and query string does ?
if yes then is there any way to achieve wildcard with ascii ?
any help will be greatly appreciated.
Thanks,
Mohsin
Try using field query with analyze_wildcard set to true.
By default, elasticsearch doesn't try to analyze text in wildcard queries, it only lowercases it for some queries. Because of this your query is searching for all terms that start with hélè and there is no such terms in your index because of ascii folding filter.
In Solr there is a ReversedWildcardFilterFactory and it is used at index time. When it is used if query contains wildcard character then it is not converted to ascii otherwise it is converted and searched using ascii. You can define it after ASCIIFoldingFilterFactory.
I don't know something similar exists in Lucene but you can write your FilterFactory by looking its source code.
Also you can find this document useful.