Okay, so let me just state this first. I am very new to SQL and I don't know a lot about it. I just recently started using it and I've been trying to learn it and improve. Please explain anything you state, as I may not understand common terms etc.
The SQL code I wrote now works like I intend it to, but the string seems obnoxious and made me think that this can't be quite right.
INSERT INTO reputations(uuid, warn, bandate, reasons, mods)
VALUES ('{0}', '{1}', '{2}', CONCAT(reasons, '{3}'), CONCAT(mods, '{4}'))
ON DUPLICATE KEY UPDATE warn = '{1}',
bandate = '{2}',
reasons=CONCAT(reasons, '{3}'),
mods=CONCAT(mods, '{4}')
In my Java code it looks like this:
As you also probably can see, I have no clue on how to properly format/indent it all for use like this. Any tips would be greatly appreciated.
I should also explain that the {n}'s are just spaces where I replace it with the information I want. For example, I replace all {0} with an UUID.
So, my question is. Is there a better way to do this? Any tips or help would be appreciated. Cheers!
I don't understand this part:
VALUES ('{0}', '{1}', '{2}', CONCAT(reasons, '{3}'), CONCAT(mods, '{4}'))
------------------------------------^
The use of the column name there should be generating an error.
Perhaps this is the statement you want:
INSERT INTO reputations(uuid, warn, bandate, reasons, mods)
VALUES ('{0}', '{1}', '{2}', '{3}', '{4}')
ON DUPLICATE KEY UPDATE warn = VALUES(warn),
bandate = VALUES(bandate),
reasons = CONCAT(reasons, VALUES(reasons)),
mods = CONCAT(mods, VALUES(mods));
In the ON DUPLICATE KEY part, you can use VALUES() to get the new value from a particular column. In addition, I suspect you might really want to have a separator for the last two concatenations:
reasons = CONCAT_WS('; ', reasons, VALUES(reasons)),
mods = CONCAT_WS('; ', mods, VALUES(mods));
The use of CONCAT_WS() has a nice side effect if the values are ever NULL -- it will still leave the remaining values.
Related
My Sql-Database uses utf8_bin, which is limited to 3-Byte-Characters. Im using a pre "5.1.46" Mysql connector.
On this site: https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-reference-charsets.html, it is stated that using the "characterEncoding=utf-8" parameter, means that it uses utf8mb3. Which would be correct in my case. The problem is, that the application will throw a Mysql-Exception when it tries to write a 4-Byte-Character:
for example:
java.sql.SQLException: Incorrect string value: '\xF0\x9F\x98\x81 \xC4...'
Furthermore, if I dont specify the characterEncoding-parameter at all, it will default to some other charset. The problem here is, that a lot of characters that I need to be able to write into the DB will just be replaced by a "?". Like "ğ" for example.
So far, the only Solution I see to this problem is just removing all 4-Byte characters from a String, before I write it into the Database, since changing the charset of the Database iself is not an option unfortunatley
But I was wondering if im missing something here. Is there better way to do this?
Thanks a lot
I have been trying to detect hard coded passwords in source code files.
Currently I am checking for variable assignments and comparison for identifiers with a sub-string matching with password,pswd.
But it is leading to lots of false positives like in this case(Reading passwords from a config file)
String PASSWORD_KEY = "server.password";
String password = prop.getProperty(PASSWORD_KEY);
I can flag out some sub-strings like Key,location,path for which i can skip the error generation but apart from this I cannot think of a better approach.
All suggestions are appreciated.
Real world cases of hidden backdoors learn that the code is typically far more obscured to use a variable name that indicates the purpose.
So to get to something foolproof, you'd need to do a full static analysis and have "intelligence" in the code checker to understand the code and find where the authentication happens and then work backwards to verify there are no hidden ways to achieve this.
IMHO it's cheaper to hire somebody to do (security) code reviews than to try to automate this.
Hy,
Lets say you have Varchar-Database values in a column that are cAmeLCaSe and you always want to display them UPPERCASE in a view.
Is it now better to select those entrys using the (for example) UPPER-Function of Oracle
or to loop the results and call the .toUpperCase() Method from within the Java Code after the selection has been made?
I know its a bit of a general question and i will of corse comment after having made performance messurments of the above two possibilitys. But i am more after a good source of information that addresses such questions in general (like for example "is it better do run sorting db- side or in programm-code?" and questions like this for common Solutions like .Net/Java and Oracle/ MSSQL Server.
Many thanks you took the time to read this questions, i appreciate any input and wish you a great day.
Regards
Jan
It depends on where and how the uppercased value is used.
If this is only used in the frontend (I assume with "view" you did not mean a database view) then I'd go for a toUpperCase() ideally using the user's locale.
If you are using the uppercase value for comparison I'd use the Oracle function to ensure that the you have a consistent behaviour. I'm think of e.g. a condition where you compare the column value to a string constant: WHERE upper(foobar) = upper('SomeValue') If you used Java's toUpperCase() that might apply different (locale dependent) rules than Oracle would use.
I believe always my code should be database independent.
String upper = string.toUpperCase();
Because,it's database independent.If I shift my database to some other,I need not to change my code.
In a nutshell your specific requirements should take in to consideration.
This is probably a simple one and more Java related than grails but I'm a bit lost and not sure where to even start looking on this, I've googled about but am not really sure what I'm after, so would appreciate a pointer if possible please!
In the grails app I have a form which I save, all well and good. In the controller I can see the list of params it returns via a simple println and when I want to find a specific value currently I do a params.each and then compare the key to a pre defined string to find the one I want, my question is: -
Can I, and how would I, specifically say "get me the value of the parameter with the key "banana", rather than having to loop through the whole list to find it?
Also is there a way of creating a new set of secondary params, or just another plain old dictionary item (is that the right term?) where I use a regular expression to say "give me all the items whose key match the pattern "XYZ"?
It probably doesn't make much difference speed wise as the params are never that big but it'd be nice to make things more efficient where possible.
Any feedback much appreciated!
For a first question, to get 'banana' parameter you have to use:
params.banana
For second, find all with regexp:
def matched = params.findAll { it.key =~ /XYZ/ }
//or
Pattern p = ~/XYZ/
def matched = params.findAll { p.matcher(it.key).matches() }
There's a params object you can use. Eg with someurl.com?myparam=test you can access it with "params.myparam"
More information over here: http://grails.org/doc/2.2.x/ref/Controllers/params.html
i am using replace method for editing text in mysql database and its working well for
every time i try to replace a string by some other string e.g
REPLACE(Eligibility_Points , '(ii)', 'second point is')";
works well for above case
but does not work well in the following case
REPLACE(Eligibility_Points , '(ii)-(iii)', 'second and third point is')";
how should i fix this problem, thanks for your help
Assuming that this is the MySQL REPLACE string function you are talking about, the only reason I can see why the second example wouldn't work is that (maybe) the Eligibility_Points field (or whatever) doesn't contain the first string at all.
Maybe you could provide more context; e.g. what evidence you have that the replace isn't working.
However #vadchen makes a good point. If you do the replacement in the first example, then it will remove all examples that might trigger a replacement in the second example. Maybe you just need to do the "edits" in the reverse order.
There is no need to escape any of the characters in those fragments, either from the Java or SQL perspective.