I am using the webservice that will send the request for one of the column as Dran & Hyle , but i get the exception as a expected valid begining name character. due to the special character &
Below is the insert statement in my java .
public static final String PetInsert= insert into pet values(?,?,?);
I believe set define off will not work in java code , it is understood only by sql developer.
Any help is appreciated
From Java, it is recommended to use PreparedStatement when creating a statement to query the database. Read more in the documentation.
Not so sure, but can it be that in the XML of the web service the error is located? Then somewhere
"Dran & Hyle"
should go into the XML. Normally it is done automatically. So it would be the unlikely case of creating the XML oneself with Strings.
In that case use apache's StringEscapeUtils:
s = StringEscapeUtils.escaleXML(s);
P.S. I found set define off of #aUserHimself plausible.
Related
I am trying to create a regex filter for my app. I am using HSQLDB to store my messages and regex.pattern[1] class to match the incoming messages. I noticed that regex.pattern and LIKE in HSQLDB uses diferent matching "teqniques".
Example
I want to match: {"auth_user":"YQ==","auth_pass":"ZGFz"}.
With HSQLDB: SELECT * FROM messages LIKE %auth%
With regex.pattern: \bauth or auth
My Questions
Is there any way to get the input from user and query with RLIKE or REGEX in HSQLDB?
Is there any easily way to convert regex.pattern in HSQLDB query?
[1] https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html
Thank you in advance.
EDIT 1: The messages I get are not only JSON formated.
EDIT 2: I tried REGEXP_MATCHES like #JorgeCampos and #fredt mention to me but I get the following exception
SQL Error [S1000]: java.lang.ClassCastException: org.hsqldb.types.ClobDataID cannot be cast to java.lang.String
when I execute the following command
SELECT * FROM WEBSOCKET_MESSAGE WHERE REGEXP_MATCHES(PAYLOAD_UTF8, '^a.*');
Use REGEXP_MATCHES(column_name, regular_expression)
The function uses Java regular expression syntax.
If the column type is CLOB, use a cast to VARCHAR
REGEXP_MATCHES(CAST (column_name AS LONGVARCHAR), regular_expression)
Below is my code inside a method named getUrlDetails() of WebsiteAvailability class
inside the method: getUrlDetails(String selUrl)
List<WebsiteAvailability>avaList=new ArrayList<WebsiteAvailability>
String selquery="select w.statusCode,w.updateTime,s.statusCodeValue from WebsiteAvailability w,StatusCodes s where w.statusCode=s.statusCodeNo and w.url=?";
avaList=session.createQuery(selquery).setString(0,selUrl).list();
Here this is hibernate java application.And StatusCode and WebsiteAvailability are POJO classes(generated by hibernate).So in HQL query I am using entity classes instead of database table names.I am using postgresql.
My problem is I am not getting the list of items which match where condition.In place of ?(placeholder) it is not taking supplied input.It is taking ? itself
Can someone please help me..
Use setString(1, ...)
EDIT: No, it is setString(0, ...)
You can try using a named parameter:
String selquery="select w.statusCode,w.updateTime,s.statusCodeValue from WebsiteAvailability w,StatusCodes s where w.statusCode=s.statusCodeNo and w.url=:selUrl";
avaList=session.createQuery(selquery).setString("selUrl",selUrl).list();
I am working with a 3rd product called JPOS and it has an XMLPackager whereby I get a string from this packager that contains a record in an XML format such as:
<MACHINE><B000>STRING_VALUE</B000><B002>STRING_VALUE</B002><B003>STRING_VALUE</B003><B004>STRING_VALUE</B004><B007>STRING_VALUE</B007><B011>STRING_VALUE</B011><B012>STRING_VALUE</B012><B013>STRING_VALUE</B013><B015>STRING_VALUE</B015><B018>STRING_VALUE</B018><B028>STRING_VALUE</B028><B032>STRING_VALUE</B032><B035>STRING_VALUE</B035><B037>STRING_VALUE</B037><B039>STRING_VALUE</B039><B041>STRING_VALUE</B041><B043>STRING_VALUE</B043><B048>STRING_VALUE</B048><B049>STRING_VALUE</B049><B058>STRING_VALUE</B058><B061>STRING_VALUE</B061><B063>STRING_VALUE</B063><B127>STRING_VALUE</B127></MACHINE>
I have a SQL server table that contains a column for each of the listed. Not that it matters but I could potentially have thru defined with specific STRING_VALUEs. I'm not sure what is the best way to go about this in Java. My understanding is that SQL Server can take an XML string (not document) and do an insert. Is it best to parse each value and then put into a list that populate each value into? This is the first time I've used an XML file and therefore trying to get some help/direction.
Thanks.
Sorry, one of my colleagues was able to help and provide a quick answer. I'll try it from my Java code and it looks like it should work great. Thanks anyway.
Here is the SP that she created whereby I can pass in my XML string and bit value:
CREATE PROCEDURE [dbo].[sbssp_InsertArchivedMessages]
(
#doc varchar(max),
#fromTo bit
)
AS
BEGIN
DECLARE #idoc int, #lastId int
EXEC sp_xml_preparedocument #idoc OUTPUT, #doc
INSERT INTO [dbo].[tblArchivedMessages]
SELECT * FROM OPENXML(#idoc, '/MACHINE', 2) WITH [dbo].[tblArchivedMessages]
SET #lastId = (SELECT IDENT_CURRENT('tblArchivedMessages'))
UPDATE [dbo].[tblArchivedMessages]
SET FromToMach = #fromTo
WHERE ID = #lastId
END
GO
Regards.
I'm using Java 1.7 to make an aplication how conects to a MySQL DB.But I Have many problems into que insertion of values with the special characters like ",\,\n.
I'm Trying to change manually this values.
Im using this method to make the change.
public static String StringToSQL(String chain) {
chain.replaceAll(Matcher.quoteReplacement("\\"),
Matcher.quoteReplacement("\\\\"));
chain.replaceAll(Matcher.quoteReplacement("\""),
Matcher.quoteReplacement("\\\""));
chain.replaceAll(Matcher.quoteReplacement("\n"),
Matcher.quoteReplacement("\\n"));
chain.replaceAll(Matcher.quoteReplacement("'"),
Matcher.quoteReplacement("\\'"));
return chain;
}
I wanna try to transform a chain like
The cat says "meaw meaw"
into
the cat says \"meaw meaw\"
to haven't problems with the MySql Syntax
for example the sql must be
INSERT INTO AnimalSays (Phrase) VALUES ("\"Meaw Meaw\"");
but I send
INSERT INTO AnimalSays (Phrase) VALUES (""Meaw Meaw"");
Having a syntax error how breaks the application
Using a prepared statement will solve your problem. It will escape all special characters if you set the string parameter.
http://docs.oracle.com/javase/6/docs/api/java/sql/PreparedStatement.html
I'm trying to pass an SQL query string from a Java Applet to Servlet as a parameter.
Problem is that in Applet I have something say: sql=select * from p where(+p=1)
The resulting sql parameter in the Servlet is sql=select * from p where(+p=1).
So anyone knows how to prevent the browser from removing the + character from parameters?
Is there a escape character?
Thank you.
Do not EVER do this. This is the direct way for the SQL injection (for example any user can insert the DELETE request to the get string and crash your server)
You can use java.net.URLEncoder for this.
param = URLEncoder.encode(param, "UTF-8");
That said, the whole idea is leaky and very prone to attacks. One could easily reveal the URL and manually send a DELETE FROM p to it. Rather send commands as parameters, not complete SQL queries. Keep and hide the SQL queries in the server side.