Assume a value has all windows special characters including "-" and it cannot be inserted directly to Mongo.
where i can find the mongo db special character restrictions?
How to escape while saving or retrieving?
example, do we need to pass the value within brackets ([...])? how to insert and retrieve the record with special character.
Thanks.
Values in MongoDB can be any UTF-8 string. Escaping would be the responsibility of your client program. Depending on which client program / language driver you are using, you would need to use the necessary escape character(s) for that language.
Since you mentioned that you're using Jongo, that means that you're using Java and the mongo-java-driver. In Java, you can just use the unicode escape sequence for the character you're trying to use. For example, \u2014 is the em-dash character.
For example:
DB db = new MongoClient().getDB("test");
Jongo jongo = new Jongo(db);
MongoCollection collection = jongo.getCollection("mycollection");
collection.insert("{fieldWithDash: 'x-y', fieldWithEmDash: 'x\u2014y'}");
Test test = collection.findOne("{fieldWithEmDash: 'x\u2014y'}").as(Test.class);
System.out.println(test);
This:
MongoCollection.findOne(query, parameter)
resolved the problem.
Query and parameter explicite:
MongoCollection.findOne("{ empName: # }", empName)
Related
I'm trying to use select pg_catalog.hashtext(?) via JDBC PreparedStatement, and running into a weird behavior.
For most strings it works fine, e.g. the following randomly generated string:
"Fm_:VW:<j�BGOl$K "
and I get the correct hash back: 641495800
But for some of the strings, it spits back a hash that doesn't match the value when I query directly the DB via psql or some other tool such as DataGrip.
For instance, this works fine:
"}�F:d(2 dS8xt9KP0$~tYw;R(V�"!2[7&Xs2Wj#5 k|F[}%.�ZQ^93~
Cuk&93d!t8b|{4F&{1j{.;C},1s/b�&wYZ Ckc5vqy|e+5&5EW%RQ6�F0>R4�#h.6$iU>{=kl!{e(CTH^DvN/<eG9 bjHx#9=�&& G$W_Y =�! j�\q3T;[H.ve-~>S5j8eI.gWQmg. �C!Wp�WK0z>f�?^^LLMO:3R';!4eVxU2)~1F6Zs!p0 F'1b*G:xBO5cN{O'1�P~
fj5g%IcT}]w ;;DlD Q~D=wT qN7zON�]/J9Heh3qwJ� #n qM�TG\M7#h,8JUP3Sl}L:w�b7#bR�c&e�IWp�\z�>HuwZ�I2E�j5;v7M _8DU.d?mvD| !rS!XS;8QQYh6D=BMJ5m2$>cR ob#'{dC�Or#NzDk c!JtQbzCg&#�dG:qtHy)O4 ohWQ`ed
2 O'HmHt\<SO
gHKAo`WIb"H�F\LrpKKDsW -e##v%RS+,-61lze bd|tyl);A0h":O40O71b(0cDM57gTFL~[7ksp
_Nx:"
But this doesn't:
".4X$!S"s
3E&fJZ�P*yC#6 ii7^D%N�j3Qn(]:&ykP3(%9 W�w}| ZOmcZ:(w<d= On/m\)vfAEu)s:Yy<17:l9GIm�T!BgH,�FG(:DanwL|�3'#XS
a_+nwbqPYBu[DWW`VbBKzF%CnaYpH "
Now, I tried using Statement instead of PreparedStatement along with a String concatenated query, and that works fine, as long as I escape single-quote characters (') with two-single quotes ('') before executing the query. So it appears that somehow PreparedStatement.setString is doing something weird with the String that I pass to it.
Note: The reason I'm testing this with random strings is because my code needs to be able to work with any UTF-8 string that's thrown at it. This test only uses ASCII, and it's already failing in some cases. I don't want to use Statement as that opens up a whole different discussion.
I had the bright idea of generating a secure password using KeePass password manager and give it to my DBA.
Now I constructed my Azure SQL connection string as follows
Server=tcp:something.database.windows.net,1433;Initial Catalog=SomeDbName;Persist Security Info=False;User ID=someuser;Password=[read later];MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
The password contains at least the following characters, along with upper/lowercase/digits
/"|&#]<#
Error is: ArgumentException: Format of the initialization string does not conform to specification starting at index 151.
At index 151 I can see the semicolon after the username (which I named someuser in the redacted example but only contains lowercase and a digit). VS Code points column 151 right before the ;Password= sequence
Questions:
Does my SQL Azure password contain illegal characters?
Which ones need to be escaped?
How do I escape them?
[Edit]: a note about the double quotes, which must be always escaped in C# Strings. I buried the connection string under Azure App configuration tab. It means that the double quote is unlikely to be re-escaped. I believe EF Core currently reads double-quote correctly
Actually escaping is specified here: connection-strings
Simple test shows that for your password, it is enough to add single quotes:
var csBuilder = new System.Data.SqlClient.SqlConnectionStringBuilder();
csBuilder.Password = "/\"|&#]<#";
var cs = csBuilder.ConnectionString;
Console.WriteLine(cs);
Password='/"|&#]<#'
I want to replace "\\" from a bytestring sequence (Data.ByteString)
with "\", but due to the internal escaping of "\" it won't work.
Consider following example:
The original bytestring:
"\159\DEL*\150\222/\129vr\205\241=mA\192\184"
After storing in and re-reading from a database I obtain following
bytestring:
"\"\\159\\DEL*\\150\\222/\\129vr\\205\\241=mA\\192\\184\""
Imagine that the bytestring is used as a cryptographic key, which
is now a wrong key due to the invalid characters in the sequence.
This problem actually arises from the wrong database representation
(varchar instead of bytea) because it's otherwise considered as an invalid utf-8 sequence.
I have tried to replace the invalid characters using some sort of
split-modify-concat approach, but all I get is something without
any backslash inside the sequence, because I can't insert a single backslash
into a bytestring.
I really ask for your help.
Perhaps using read will work for you:
import Data.ByteString.Char8 as BS
bad = BS.pack "\"\\159\\DEL*\\150\\222/\\129vr\\205\\241=mA\\192\\184\""
good = read (BS.unpack bad) :: BS.ByteString
-- returns: "\159\DEL*\150\222/\129vr\205\241=mA\192\184"
You can also use readMaybe instead for safer parsing.
possibly you want the postgresql expression
substring(ByteString from e'^\\"(.*)\\"$')::bytea
that will give a bytea result that can be used in queries or in an alter table-using DDL
I want to insert a string that contains double quotes and single quotes as below.
db.collectionName.insert({"filedName" : "my field contains "double quotes" and 'single quotes' how to insert"}) ;
When I try insert above, it got error as my field contain double quotes, can some one tell me something like escape sequence to insert double quote?
Can't do as under my field also contain single quotes.
db.collectionName.insert({"filedName" : 'my field contains "double quotes" and 'single quotes' how to insert'}) ;
I think it depends on which context you use your code.
If it's in pure js (node.js for example) you can escape the quote char with \, like this :
db.collectionName.insert({"filedName" : "my field contains \"double quotes\" and 'single quotes' how to insert"}) ;
But in the HTML context it's not possible, you need to replace the double-quote with the proper XML entity representation, "
Consider using grave/accent (`, decimal ASCII code 96) for string enclosing quotes.
JSON allows unicode syntax using \u1234 format according to ECMA-404. Therefore you can use the following syntax to insert double quote and single quotes from MongoDB shell.
db.collectionName.insert({"filedName" : "my field contains \u0022double quotes\u0022 and \u0027single quotes\u0027 how to insert"})
Further, you can use this syntax to insert non-ASCII characters too. This special handling is required if we are forming the JSON manually. If the JSON is being serialized automatically from plain objects (e.g. POJOs) using a framework such as GSON, Xstream the required conversion would happen automatically while converting to JSON.
I asked similar question here for: hstore value with space. And get solved by user: Clodoaldo Neto. Now I have come across next case with string containing single quote.
SELECT 'k=>"name", v=>"St. Xavier's Academy"'::hstore;
I tried it by using dollar-quoted string constant by reading http://www.postgresql.org/docs/current/static/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
SELECT 'k=>"name", v=>$$St. Xavier's Academy$$'::hstore;
But I couldn't get it right.
How to make postgresql hstore using strings containing single quote?
It seems like there are more such exceptions possible for this query. How to address them all at once?
You can escape the embedded single quote that same way you'd escape any other single quote inside a string literal: double it.
SELECT 'k=>"name", v=>"St. Xavier''s Academy"'::hstore;
-- ------------------------------^^
Alternatively, you could dollar quote the whole string:
SELECT $$k=>"name", v=>"St. Xavier's Academy"$$::hstore;
Whatever interface you're using to talk to PostgreSQL should be taking care of these quoting and escaping issues. If you're using manual string wrangling to build your SQL then you should be using your driver's quoting and placeholder methods.
hstore's internal parsing understands double quotes around keys:
Double-quote keys and values that include whitespace, commas, =s or >s.
Dollar quoting is, as you noted, for SQL string literals, hstore's parser doesn't know what they mean.