I'm trying to change the default separator to "+"
/**
* #var string $slug
* #Gedmo\Slug(fields={"label"}, separator="+")
* #ORM\Column(length=130, unique=true)
* #Expose
*/
protected $slug;
It doesn't work, I get the following error:
[Symfony\Component\Debug\Exception\ContextErrorException]
Warning: preg_match(): Compilation failed: nothing to repeat at offset 24
When trying to escape the "+" with "\+", I don't have this error any-more but in the database I've got the following:
my\+slug
Same thing with a double escape "\\". Any idea?
Dirty-hack, when desactiving the unique constraint the bug doesn't happen.
* #Gedmo\Slug(fields={"label"}, separator="+", unique=false)
Related
When executing the following code:
string query = 'select id from ClientData__c';
string Point05 = '%\\file-01\projects\Internal Audit\Internal Audit
Team\FY18\SOX\Testing%';
query += ' WHERE Point05__c LIKE \'' + Point05 + '\'';
List<ClientData__c> clientData = database.query(query);
I get the following error:
Line: 2, Column: 18
Illegal string literal: Invalid string literal '%\file-01\projects\Internal Audit\Internal Audit Team\FY18\SOX\Testing%'. Illegal character sequence \p' in string literal.
Backslash (\) is used normally as an escape character. Just like you used in query line to escape single quote (').
Here, in order to use in your string, you need to double backslash to escape the line backslash. Just change to:
string Point05 = '%\\\\file-01\\projects\\Internal Audit\\Internal Audit Team\\FY18\\SOX\\Testing%';
You may find its use here.
I'm trying to develop a blog using webpy.
def getThread(self,num):
myvar = dict(numero=num)
print myvar
que = self.datab.select('contenidos',vars=myvar,what='contentTitle,content,update',where="category LIKE %%s%" %numero)
return que
I've used some of the tips you answer in this web but I only get a
<type 'exceptions.NameError'> at /
global name 'numero' is not defined
Python C:\xampp\htdocs\webpy\functions.py in getThread, line 42
Web GET http://:8080/
...
I'm trying to make a selection of some categorized posts. There is a table with category name and id. There is a column in the content table which takes a string which will be formatted '1,2,3,5'.
Then the way I think I can select the correct entries with the LIKE statement and some %something% magic. But I have this problem.
I call the code from the .py file which builds the web, the import statement works properly
getThread is defined inside this class:
class categoria(object):
def __init__(self,datab,nombre):
self.nombre = nombre
self.datab = datab
self.n = str(self.getCat()) #making the integer to be a string
self.thread = self.getThread(self.n)
return self.thread
def getCat(self):
'''
returns the id of the categorie (integer)
'''
return self.datab.select('categorias',what='catId', where='catName = %r' %(self.nombre), limit=1)
Please check the correct syntax for db.select (http://webpy.org/cookbook/select), you should not format query with "%" because it makes code vulnerable to sql injections. Instead, put vars in dict and refer to them with $ in your query.
myvars = dict(category=1)
db.select('contenidos', what='contentTitle,content,`update`', where="category LIKE '%'+$category+'%'", vars=myvars)
Will produce this query:
SELECT contentTitle,content,`update` FROM contenidos WHERE category LIKE '%'+1+'%'
Note that I backquoted update because it is reserved word in SQL.
I am working on a process in Codeigniter to take a user-uploaded image (managed using the CI upload library) and insert it into a varbinary(max) field in a SQLServer database. My controller and model code are as follows.
if($this->upload->do_upload($upload_name)) {
//get temp image
$tmpName = $config['upload_path'] . $config['file_name'];
// Read it into $data variable
$fp = fopen($tmpName, 'rb');
$data = fread($fp, filesize($tmpName));
fclose($fp);
//insert into DB
$this->the_model->storeImage($data, $user_id);
//delete temp image
unlink($config['upload_path'] . $config['file_name']);
}
/***** Function from the_model ************/
function storePropertyImage($image_data, $user_id) {
$my_db = $this->load->database('admin');
$stmt = "INSERT INTO my_table (UserID, ImageData) VALUES (" . $my_db->escape($user_id) . ", " . $my_db->escape($image_data) . ")";
$insert = $my_db->query($stmt);
return $insert;
}
This all seems like it should be OK but when I run the code, I get the error:
Fatal error: Uncaught exception 'PDOException' with message
'SQLSTATE[HY093]: Invalid parameter number: mixed named and positional parameters'
in {my app path}\helpers\mssql_helper.php on line 213
I've done some googling on this error message and the results seem to indicate this is the result of there being a colon character in the $data value being sent to the model, making the DB think that I am trying to pass a named parameter when I am not. However I haven't been able to find any reports that match my specific use case or that have much info on how to correct the error.
I'd appreciate any insight on where I might be tripping up.
$image_data is a binary string. ->escape may not work on it, since it may escape random bytes in it, thus leaving you with a corrupted image. Also the binary string may contain quote characters (or other characters) that is making your query invalid.
Try to encode the binary string as hex before inserting into MySQL. You can use PHP's bin2hex for this.
$escaped_user_id = $my_db->escape($user_id);
$hex_image = bin2hex($image_data);
$stmt = "INSERT INTO my_table (UserID, ImageData) VALUES ({$escaped_user_id}, X'{$hex_image}')";
The X in X{$hex_image} is how MySQL handles literal hex strings: http://dev.mysql.com/doc/refman/5.1/en/hexadecimal-literals.html
If that doesn't work, you can also try UNHEX().
$escaped_user_id = $my_db->escape($user_id);
$hex_image = bin2hex($image_data);
$stmt = "INSERT INTO my_table (UserID, ImageData) VALUES ({$escaped_user_id}, UNHEX('{$hex_image}'))";
EDIT: I didn't notice you were using MSSQL and not MySQL. My bad. In MSSQL, you can insert literal hex strings with 0x.
$escaped_user_id = $my_db->escape($user_id);
$hex_image = bin2hex($image_data);
$stmt = "INSERT INTO my_table (UserID, ImageData) VALUES ({$escaped_user_id}, 0x{$hex_image})";
I wanted to use a named parameter placeholder inside the LIKE operator pattern so that the argument string is properly escaped.
Here's my modified code where I am using the at-param placeholder:
var stmt = new air.SQLStatement();
stmt.text = "SELECT * FROM comments WHERE title LIKE '%#search%';";
stmt.parameters["#search"] = "argument string";
stmt.execute();
Doing so yields an SQLError with the following details
message: Error #3315: SQL Error.
details: '#search' parameter name(s) found in parameters property but not in the SQL specified
As suggested by Mike Petty, I tried:
stmt.text = 'SELECT * FROM comments WHERE title LIKE "#%search%";';
Which yields to the same SQL Error details.
Documentation has this:
expr ::= (column-name | expr) LIKE pattern
pattern ::= '[ string | % | _ ]'
My suspicion is that it is skipped due to the qoutes, any ideas on how to make it work?
Found a solution for this, basically instead of doing it like this:
var stmt = new air.SQLStatement();
stmt.text = "SELECT * FROM comments WHERE title LIKE '%#search%';";
stmt.parameters["#search"] = "argument string";
stmt.execute();
You have to put a placeholder for the entire LIKE operator pattern and bind the pattern as a parameter.
var stmt = new air.SQLStatement();
stmt.text = "SELECT * FROM comments WHERE title LIKE #search;";
stmt.parameters["#search"] = "%" + userInput + "%";
stmt.execute();
Remove your :string from your string.
Like works just fine as:
SELECT * FROM comments WHERE comments.title LIKE '%string%';
It's hard to tell from your question, but is your current statement either throwing a SQLError, just doesn't compile, or just doesn't return any results?
If I had to guess I'd say you have a few issues here:
You shouldn't have to qualify the column in the where clause since you only have 1 table to select from
The parameter string is technically a reserved word by AIR / Actionscript (although the case is different) - still a bit confusing.
Even though the documentation and code allow you to use either the colon, or at-symbol, my preference is the # since it's a bit easier to see ;)
Don't forget to add an itemClass definition of the Class you expect for rows - this helps to avoid anonymous objects.
This should be fairly straight forward:
var stmt:SQLStatement = new SQLStatement();
stmt.itemClass = Comment;
stmt.text = 'SELECT * FROM comments WHERE title LIKE "#%search%";';
stmt.parameters['#search'] = userInput.text;
stmt.addEventListener(SQLEvent.RESULT, onResults);
stmt.execute();
How do you properly escape a '/' forward slash in a JPQL query string?
If I do this:
LOCATE('/', REVERSE( ...
I get:
javax.persistence.PersistenceException: org.hibernate.exception.SQLGrammarException: could not execute query
However, if I do this:
LOCATE('\\', REVERSE( ...
Everything is fine.
So, how do I include the forward slash?
EDIT: I've already tried the following and they don't work:
'\\/'
'//'
CHAR(47)
ESCAPE '/'
Can't reproduce with the provided details, the following works for me:
#Test
public void testQueryWithLocateKeyword() {
Product p1 = new Product("1234/Foo");
Product p2 = new Product("12/Bar");
em.persist(p1);
em.persist(p2);
em.flush();
String qlString = "SELECT LOCATE('/', p.name) FROM Product p";
List actual = em.createQuery(qlString).getResultList();
List<Integer> expected = Arrays.asList(5, 3);
assertNotNull(actual);
ReflectionAssert.assertReflectionEquals(expected, actual);
}
Tested with Hibernate EM 3.5 (and H2).
Please provide a representative query, a full stacktrace, the Hibernate version.