It is possible to use "AND" while querying for Objects in Entity like
Post.find("byTitleLikeAndAuthor", "%hello%", connectedUser).fetch();
but is it possible to user "OR" while querying, like
Post.find("byNameOrEmail", name, email).fetch();
Thank you
Fixed!!
Use Post.find(" name = ? or email ?", name, email).fetch();
While using "where" in the query, it fails saying "unexpected token"
It is indeed possible to use "And" clauses when constructing objects, but I'm not aware of a possibility in simplified query to use "Or".
However, play can be used in many ways. Instead of writing :
Post.find("byNameOrEmail", name, email).fetch();
You can write :
Post.find("name = ? or email = ?", name, email).fetch();
using JPQL syntax.
It's not possible to use simplified query with or. To enable it you must change the implementation of findByToJPQL in the class play.db.jpa.JPQL. Wrote test and enhance the documentation and create a patch.
How ever you can use the JPQL.
Related
I want to create queries using EF FromSqlInterpolated or FromSqlRaw that allows me to use Like clauses, but I don't know what is the right way to do it without opening the application to SqlInjection attacks.
One first approach has took me to the following code
var results = _context.Categories.FromSqlInterpolated(
$"Select * from Category where name like {"%" + partialName + "%"}");
First test worked fine, it returns results when providing expected strings, and returns nothing when i provide something like ';select * from Category Where name='Notes'--%';
Still I don't know much about SqlInjection, at least not enough to feel safe with the query shown before.
Does someone know if the query is safe, or if there is a right way to do it?
Thanks
From this document
The FromSqlInterpolated and ExecuteSqlInterpolated methods allow using
string interpolation syntax in a way that protects against SQL injection attacks.
var results = _context.Categories.FromSqlInterpolated(
$"Select * from Category where name like {"%" + partialName + "%"}");
Or you can also change your query to Linq-to-Entity like this way
var results = _context.Categories.Where(p => p.name.Contains(partialName ));
I know that using CodeIgniter's Query Builder should protect against SQL injection. The Manual says that it "allows for safer queries, since the values are escaped automatically by the system." But I'm not sure if by "values" they mean anything that goes through the Query Builder, or only values that are passed in simple stucture like : $this->db->where('name', $name);
For instance, if I use:
$this->db->select('student_id, concat(fname, " ",lname) as student_name');
$this->db->from('student');
$this->db->join('class_has_teacher',"student.class_id=class_has_teacher.class_id AND teacher_id=$teacher_id");
$query = $this->db->get();
Would the $teacher_id in the JOIN condition also be escaped?
(In case it matters, I'm using CodeIgniter 3.1.9)
Yes, $teacher_id would be escaped.
The Overpass API language guide does allow for logical operators when matching a tag value... for example:["name"~"holtorf|Gielgen"] will return whatever object has either name=holtorf or name=Gielgen.
You can also combine conditions and they will become an AND... so for example:
["name"]["name"="holtorf"]. Means to search for things that have the tag "name" and that the tag name is equal to "holtorf".
But what I want is an OR operator... something like:
["name"="holtorf"]|["name:eng"holtorf"]
In my specific application, I just want to know if there is ANY tag that start with "name"... so what I would like to do is put this into the API: ["^name"] (cause in this API "^" means "starts with"). But of course it searches for literal "^name" and returns nothing.
Is there some workaround?
There is no OR operation, but you can use UNION
(
way["name"="holtorf"];
way["name:eng"=holtorf"]
);
There is also a DIFFERENCE and negotiation http://wiki.openstreetmap.org/wiki/Overpass_API/Overpass_QL#Difference
And in your particular case, you could use key-value regexpressions matching. http://wiki.openstreetmap.org/wiki/Overpass_API/Overpass_QL#Key.2Fvalue_matches_regular_expression_.28.7E.22key_regex.22.7E.22value_regex.22.29
[~"^name.*$"~"^holtorf$"];
//or only for key
[~"^name.*$"="Holtorf"];
I have the following entity in ElasticSearch:
{
"id": 123,
"entity-id": 1019,
"entity-name": "aaa",
"status": "New",
"creation-date": "2014-08-06",
"author": "bubu"
}
I try to query for all entities with status=New, so the above entity should appear there.
I run this code:
qesponse.setQuery(QueryBuilders.termQuery("status", "New"));
return qResponse.setFrom(start).setSize(size).execute().actionGet().toString();
But it return no result.
If I use this code (general search, not of specific field) I get the above entity.
qResponse.setQuery(QueryBuilders.queryString("New");
return qResponse.setFrom(start).setSize(size).execute().actionGet().toString();
Why?
The problem is a mismatch between a Term Query and using the Standard Analyzer when you index. The Standard Analyzer, among other things, lowercases the field when it's indexed:
Standard Analyzer
An analyzer of type standard is built using the Standard Tokenizer
with the Standard Token Filter, Lower Case Token Filter, and Stop
Token Filter.
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/analysis-standard-analyzer.html
The Term query, however, matches without analysis:
Term Query
Matches documents that have fields that contain a term (not analyzed).
The term query maps to Lucene TermQuery.
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-term-query.html
So in your case when you index the field status it becomes "new". But when you search with a Term Query it's looking for "New" - they don't match. They do match with a general search it works because the general search also uses the Standard Analyzer.
The default value of index for a string field is analyzed . So, when you write "status" = "New" , it will use standard_analyzer, and after analyzing it will write as "new" .
So, term Query doesn't seems to be working, If you wish to query like you specified ,write mapping for the field as "not_analyzed".
For more info. link
I want to be able to search for my objects by searching for the last 4 characters of the id. How can I do that?
Book.where(_id: params[:q])
Where the param would be something like a3f4, and in this case the actual id for the object that I want to be found would be:
bc313c1f5053b66121a8a3f4
Notice the last for characters are what we searched for. How can I search for just "part" of my objects id? instead of having my user search manually by typing in the entire id?
I found in MongoDB's help docs, that I can provide a regex:
db.x.find({someId : {$regex : "123\\[456\\]"}}) // use "\\" to escape
Is there a way for me to search using the regular mongo ruby driver and not using Mongoid?
Usually, in Mongoid you can search with a regexp like you normally would with a string in your call to where() ie:
Book.where(:title => /^Alice/) # returns all books with titles starting with 'Alice'
However this doesn't work in your case, because the _id field is not stored as a string, but as an ObjectID. However, you could add (and index) a field on your models which could provide this functionality for you, which you can populate in an after_create callback.
<shameless_plug>
Alternatively, if you're just looking for a shorter solution to the default Mongoid IDs, I could suggest something like mongoid_token which makes it pretty easy to add shorter tokens/ids to your Mongoid documents.
</shameless_plug>