I've got a problem with the angularfire firestore query. Apparently the only working opStr in the where Query seems to be "==". I am trying to get documents with a value >= 1 but I am unable to get it to work.
So what I have tested is what I get when I query with different WhereFilterOps.
In my Firestore DB I've got a document with the key/value pair mytestvalue/1:number.
So I've created a query with the where clause:
.where("mytestvalue", ">=", 1)
And I do not get back the object. If I change the clause to:
.where("mytestvalue", "==", 1)
I do get the result I am expecting. Am I missing something? Do I need to add an index or something to be able to use the ">=" Operator?
I'm currently using #angular/fire 5.3.0. Do I need to upgrade to 6.0?
Thanks in advance!
Oh my god, sorry. I DID need an index. Guess I had the answer but was not able to use my brain properly.
Related
I've been attempting to increase my knowledge and trying out some challenges. I've been going at this for a solid two weeks now finished most of the challenge but this one part remains. The error is shown below, what am i not understanding?
Error in sqlite query: update users set last_browser= 'mozilla' + select sql from sqlite_master'', last_time= '13-04-2019' where id = '14'
edited for clarity:
I'm trying a CTF challenge and I'm completely new to this kind of thing so I'm learning as I go. There is a login page with test credentials we can use for obtaining many of the flags. I have obtained most of the flags and this is the last one that remains.
After I login on the webapp with the provided test credentials, the following messages appear: this link
The question for the flag is "What value is hidden in the database table secret?"
So from the previous image, I have attempted to use sql injection to obtain value. This is done by using burp suite and attempting to inject through the user-agent.
I have gone through trying to use many variants of the injection attempt shown above. Im struggling to find out where I am going wrong, especially since the second single-quote is added automatically in the query. I've gone through the sqlite documentation and examples of sql injection, but I cannot sem to understand what I am doing wrong or how to get that to work.
A subquery such as select sql from sqlite_master should be enclosed in brackets.
So you'd want
update user set last_browser= 'mozilla' + (select sql from sqlite_master''), last_time= '13-04-2019' where id = '14';
Although I don't think that will achieve what you want, which isn't clear. A simple test results in :-
You may want a concatenation of the strings, so instead of + use ||. e.g.
update user set last_browser= 'mozilla' || (select sql from sqlite_master''), last_time= '13-04-2019' where id = '14';
In which case you'd get something like :-
Thanks for everyone's input, I've worked this out.
The sql query was set up like this:
update users set last_browser= '$user-agent', last_time= '$current_date' where id = '$id_of_user'
edited user-agent with burp suite to be:
Mozilla', last_browser=(select sql from sqlite_master where type='table' limit 0,1), last_time='13-04-2019
Iterated with that found all tables and columns and flags. Rather time consuming but could not find a way to optimise.
I´m Looking for search values into my Datastore but I need information filtered by value. I know Datastore is no relational DB, but how could I get the goal?
I´m trying this:
$ds = new DatastoreClient(['keyFilePath' => 'foo.json');
$q = $ds->gqlQuery('SELECT * FROM EMPLOYEES WHERE NAME LIKE "%$'.val.'%"');
$res = $ds->runQuery($q);
The LIKE keyword is not supported, What I can use instead?
As Sammitch suggested, you can perform Datastore queries following the instructions described here or in this Stack Overflow post. The syntax is different, but the regular expression idea is the same.
I am using Xojo 2013 Version 1. I am trying to delete a record from a SQLite database. But I am failing miserably. Instead of deleting the record, it duplicates it for some reason.
Here is the code that I use:
command = "DELETE * from names where ID = 10"
namesDB.SQLExecute(command)
I am dynamically generating command. but however I change it it always does the same. Same result with or without quotes.
Any ideas?
The very first thing I would do is check to see if there is an error being generated.
if namesDB.Error then
dim s as string = namesDB.errorMessage
msgbox s
return
end
It will tell you if there's a database error and what the error is. If there's no error then the problem lies elsewhere.
FWIW, always, always, always check the error bit after every db operation. Unlike other languages, Xojo does NOT generate/throw an exception if there's a database error so it's up to you to check it.
Try calling Commit().
I just made a sample SQLite database with a "names" table, and this code worked fine:
db.SQLExecute("Delete from names where ID=2")
db.Commit
I have done a lot of work with XOJO and SQLite, and they work well together. I have never seen a record duplicated erroneously as you report. That is very weird. If this doesn't help, post more of your code. For example, I assume your "command" variable is a String, but maybe it's a Variant, etc.
I think on SQLite you don't need the * between the DELETE and the FROM.
I am trying to perform queries using the OR operator as following:
MapReduceResult result = riakClient.
mapReduce("some_bucket", "Name:c1 OR c2").
addMapPhase(new NamedJSFunction("Riak.mapValuesJson"), true).
execute();
I only get the 1st object in the query (where name='c1').
If I change the order of the query (i.e. Name:c2 OR c1) again I get only the first object in query (where name='c2').
is the OR operator (and other query operators) supported in the java client?
I got this answer from Basho engeneer, Sean C.:
You either need to group the terms or qualify both of them. Without a field identifier, the search query assumes that the default field is being searched. You can determine how the query will be interpreted by using the 'search-cmd explain' command. Here's two alternate ways to express your query:
Name:c1 OR Name:c2
Name:(c1 OR c2)
both options worked for me!
I get the following error:
Cannot use empty object or column names. Use a single space if necessary.
Msg 1038, Level 15, State 3, Line 1
and the query command looks like:
SELECT TOP 100 PERCENT
[].[cms_page].[pa_id], [].[cms_page].[pa_key],
[].[cms_page].[pa_title], [].[cms_page].[pa_keywords],
[].[cms_page].[pa_description], [].[cms_page].[pa_header],
[].[cms_page].[pa_created], [].[cms_page].[pa_modified],
[].[cms_page].[pa_language] FROM [cms_page]
WHERE
[cms_page].[pa_key] = #pa_key0
ORDER BY
[pa_id] ASC;
Strange indeed. Why does this happen? I'm using SubSonic 2.1.
Connectionstring:
<add name="OCDB" connectionString="Network Library=DBMSSOCN;Data Source=127.0.0.1,1433;Initial Catalog=test_db;User ID=test;Password=testpwd"/>
Edit: Well the solution was just to simply generate and rebuild the Data Access Layer and I was good to go.
You seem to be using a 3 part name with part of it empty, i.e. '[].'
It looks as though the query text is being constructed with an empty table schema.
Those empty [] square brackets should contain something like "dbo" to make the query syntactically valid. I don't know enough about SubSonic to give you a code sample though.
I'm not familiar with SubSonic, but have you tried a simpler query to test if you have your syntax correct? Does this query even work in SQL Server (Management Studio / Query Analyzer)?
Just looking at this from the perspective of SQL Server, you are using way too many brackets. If I was writing that query in SQL Server, it would look more like what I wrote below. I'm not sure about the variable #pa_key0, is this query part of a stored procedure or does SunSonic replace this variable when the query is ran?
SELECT
pa_id,
pa_key,
pa_title,
pa_keywords,
pa_description,
pa_header,
pa_created,
pa_modified,
pa_language
FROM
cms_page
WHERE
pa_key = #pa_key0
ORDER BY
pa_id ASC;
I think you need to set the schema for Subsonic to use. This thread seems to have some information:
Subsonic - How to use SQL Schema / Owner name as part of the namespace?