I have a collection I'm unable to drop, I'm assuming that the "-" in its name is a special character. In MongoDB, what is the best way to escape special characters?
> db.tweets.drop();
true
BUT
> db.tweets-old.drop();
ReferenceError: old is not defined (shell):1
I've tried to escape with quotes (both single and double) and a slash, but nothing works.
The following works:
db["tweets-old"].drop();
It's called the square bracket notation, which allows you to use special characters in property names.
So does:
db.getCollection("tweets-old").drop()
And that has been around for a while now.
In addition, the method call also mimics what is the general "get a collection" accessor method in all officially supported MongoDB drivers. So the suggestion here is that you get used to using it this way, since the "named collection" accessor is how it is generally done.
Related
Is there any way to escape SQL Like string when using "sqlLike" and "sqlLikeCaseInsensitive"?
Example: I want a match for "abc_123". Using "_______" (7 underscores) would also return "abcX123", how can I enforce "_" as the 4th character?
If you issue the query in persistence, this is actually not a mdriven issue but an SQL issue as mdriven converts the Expression into SQL. So if you really want to restrict the results to underscores only take a look to this question:
Why does using an Underscore character in a LIKE filter give me all the results?
The way to escape the underscore may depend on the needs of your SQL database as the different answers indicate.
I have a collection I'm unable to drop, I'm assuming that the "-" in its name is a special character. In MongoDB, what is the best way to escape special characters?
> db.tweets.drop();
true
BUT
> db.tweets-old.drop();
ReferenceError: old is not defined (shell):1
I've tried to escape with quotes (both single and double) and a slash, but nothing works.
The following works:
db["tweets-old"].drop();
It's called the square bracket notation, which allows you to use special characters in property names.
So does:
db.getCollection("tweets-old").drop()
And that has been around for a while now.
In addition, the method call also mimics what is the general "get a collection" accessor method in all officially supported MongoDB drivers. So the suggestion here is that you get used to using it this way, since the "named collection" accessor is how it is generally done.
I'm coming across a strange situation where I cannot search on string tags that end with a special character. So far I've tried ) and ].
For example, given a Fruit index with a record with a tag apple (red), if you query (using the JS library) with tagFilters: "apple (red)", no results will be returned even if there are records with this tag.
However, if you change the tag to apple (red (not ending with a special character), results will be returned.
Is this a known issue? Is there a way to get around this?
EDIT
I saw this FAQ on special characters. However, it seems as though even if I set () as separator characters to index that only effects the direct attriubtes that are searchable, not the tag. is this correct? can I change the separator characters to index on tags?
You should try using the array syntax for your tags:
tagFilters: ["apple (red)"]
The reason it is currently failing is because of the syntax of tagFilters. When you pass a string, it tries to parse it using a special syntax, documented here, where commas mean "AND" and parentheses delimit an "OR" group.
By the way, tagFilters is now deprecated for a much clearer syntax available with the filters parameter. For your specific example, you'd use it this way:
filters: '_tags:"apple (red)"'
I have a collection I'm unable to drop, I'm assuming that the "-" in its name is a special character. In MongoDB, what is the best way to escape special characters?
> db.tweets.drop();
true
BUT
> db.tweets-old.drop();
ReferenceError: old is not defined (shell):1
I've tried to escape with quotes (both single and double) and a slash, but nothing works.
The following works:
db["tweets-old"].drop();
It's called the square bracket notation, which allows you to use special characters in property names.
So does:
db.getCollection("tweets-old").drop()
And that has been around for a while now.
In addition, the method call also mimics what is the general "get a collection" accessor method in all officially supported MongoDB drivers. So the suggestion here is that you get used to using it this way, since the "named collection" accessor is how it is generally done.
I know I have to escape single quotes, but I was just wondering if there's any other character, or text string I should guard against
I'm working with mysql and h2 database...
If you check the MySQL function mysql-real-escape-string which is used by all upper level languages you'll see that the strange characters list is quite huge:
\
'
"
NUL (ASCII 0)
\n
\r
Control+Z
The upper language wrappers like the PHP one may also protect the strings from malformed unicode characters which may end up as a quote.
The conclusion is: do not escape strings, especially with hard-to-debug hard-to-read, hard-to-understand regular expressions. Use the built-in provided functions or use parameterized SQL queries (where all parameters cannot contain anything interpredted as SQL by the engine). This is also stated in h2 documentation: h2 db sql injection protection.
A simple solution for the problem above is to use a prepared statement:
This will somewhat depend on what type of information you need to obtain from the user. If you are only looking for simple text, then you might as well ignore all special characters that a user might input (if it's not too much trouble)--why allow the user to input characters that don't make sense in your query?
Some languages have functions that will take care of this for you. For example, PHP has the mysql_real_escape_string() function (http://php.net/manual/en/function.mysql-real-escape-string.php).
You are correct that single quotes (') are user input no-no's; but double quotes (") and backslashes (\) should also definitely be ignored (see the above link for which characters the PHP function ignores, since those are the most important and basic ones).
Hope this is at least a good start!