I'm writing a tool to exploit SQL injections. I'm trying to add support for SQLite now and I'm facing a problem: if I need to insert a string but quotes are escaped, in MySQL I can use 0x65..., or in Postgres CHR(65)||.... But in SQLite I can't find any way of doing this without using quotes.
Can anyone help me?
Thanks in advance
I don't believe there's a general solution. You may be able to assemble your string using parlor tricks if it contains the right characters. E.g., substr(quote(hex(0)),1,1) will return "'", upper(substr(typeof(cast(0 as text)),3,1)) will return "X", etc. I doubt you can get the whole alphabet this way, but it might be enough for whatever injection you're planning.
I don't know of an equivalent, however you can check the documentation to see if there is anything you can use:
http://www.sqlite.org/lang_corefunc.html
http://www.sqlite.org/lang_aggfunc.html
I want to remove punctuation from a database of XML documents in MarkLogic. This is for preprocessing purposes for machine learning. I'm new to MarkLogic and I don't know how to do that. Is there an XQuery query that could remove punctuation?
To do a mass replacement of all text in the database, and take out punctuation, you could start with something that looks like this code (modified for your needs):
for $doc in cts:search(fn:collection(), ())
for $text in $doc//text()
return xdmp:node-replace($text, text{fn:replace($text, "[\.,;]", "")})
To be honest, that task is much less expensive to do on the source text files themselves - or in MarkLogic by treating the XML as string during the replacement process. Updating nodes one element at a time will be expensive.
Outside of MarkLogic:
use SED or AWK or a similar tool BEFORE INGESTION
Inside of MarkLogic (as a trigger, perhaps):
use xdmp:quote to change the XML to a string, then replace in a sing with fn:replace and then make XML again with xdmp:unquote
let $new-doc := xdmp:unquote(fn:replace(xdmp:quote($doc), "[\.,;]", ""))
Then either store by replacing the root node with xdmp:node-replace - or store this version as a property. This all depends on whether the original (punctuated) version matters to you. Or perhaps you just want to keep the original and serve this cleansed version back to someone.
In all cases above, you have to make sure that your replacement does not murder your XML. Also, be aware of options for the functions above (like how CDATA is handled).
Lastly, "This is for machine learning purposes". You do not elaborate. I think many of us here have a feeling that this solution (cleansing punctuation before insert) rubs against the very grain of MarkLogic - in which you store as-is and then have awesome index, tokenizing, stemming, collation, search support to find and return your data as you need. If you were to elaborate on your use case a bit, you may inspire others to give more MarkLogic-Specific suggestions.
It will work if you use 'punctuation-insensitive' and if required 'diacritic-insensitive' in cts:element-word-query()
I'm not sure if this is what you're asking, but it's technically possible to update every document in the database to remove punctuation; however, it's very expensive and I wouldn't recommend it.
Using built-in search functions, you can probably achieve the same goal without updating your documents by querying with punctuation insensitivity. For example, if you want to select documents with a title matching a case insensitive string:
cts:search(//mydoc,
cts:element-word-query(xs:QName('title'), 'Moby-Dick', 'punctuation-insensitive'))
Or in an existing XQuery:
for $d in $documents
where cts:contains($d,
cts:element-word-query(xs:QName('title'), 'Moby-Dick', 'punctuation-insensitive'))
return $d/summary
I want to create a regular expression for subdomain like:
In the textbox the user needs to enter something like
abc1.test.com
or
abc1s.test.com
Note: .test.com is always required at the end.
The variable part can contain any letter, alphabets etc.
I don't know anything about regex so I ask this silly question. I googled it for more than 2 hours but didn't find any good example.
Please note this is not a homework.
Any help is highly appreciated.
There are a number of useful resources on regex online, including:
http://regexpal.com/ - test out your regex
http://www.regular-expressions.info/reference.html - regex reference
http://www.addedbytes.com/cheat-sheets/regular-expressions-cheat-sheet/ - useful cheat sheet
I am sure other members will have better resources but these have sufficed for me in the past.
The following regex should work for you:
^((.+)(\.test\.com){1})$
the '.' is any character except new line
the '+' is one or more times
the '{1}' is exactly once
^[\d\w]+\.test\.com$ will work for your case.
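Added example, not taken from any of the answers above: it runs four candidate patterns for the `<label>.test.com` check over constructed inputs to show what each one lets through. The strict pattern assumes the variable part is a single DNS label (letters, digits, inner hyphens, at most 63 characters); `isAllowedSubdomain`, `compare` and all sample hosts are names made up for this illustration.

```javascript
// Added example: loose vs. strict checks for "<label>.test.com".
// Every input in SAMPLES is constructed for illustration.

// Unescaped dots match any character, and .+ accepts any prefix.
const LOOSE_UNESCAPED = /^((.+)(.test.com){1})$/;
// Dots escaped, but .+ still admits slashes, spaces and extra dots.
const LOOSE_PREFIX = /^((.+)(\.test\.com){1})$/;
// \w also admits underscore, which is not valid in a hostname label.
const WORD_CLASS = /^[\d\w]+\.test\.com$/;
// Assumption: exactly one label, 1-63 chars, no leading/trailing hyphen.
const STRICT = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.test\.com$/;

function isAllowedSubdomain(input) {
  if (typeof input !== "string" || input.length > 253) return false;
  // Hostnames are case-insensitive, so compare in lower case.
  return STRICT.test(input.toLowerCase());
}

const SAMPLES = [
  "abc1.test.com",
  "abc1s.test.com",
  "ABC1.Test.Com",
  "abc1xtestxcom",
  "evil.example/a.test.com",
  "a_b.test.com",
  "-abc.test.com",
  ".test.com",
  "abc1.test.com.evil.example",
];

// Returns one row per input with the verdict of each pattern.
function compare(samples = SAMPLES) {
  return samples.map((s) => ({
    input: s,
    looseUnescaped: LOOSE_UNESCAPED.test(s),
    loosePrefix: LOOSE_PREFIX.test(s),
    wordClass: WORD_CLASS.test(s),
    strict: isAllowedSubdomain(s),
  }));
}

console.table(compare());
```

Run the same check on the server as well as in the textbox, since client-side validation alone can be skipped.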
I feel like I might be losing my mind...but if you search the AOT for anything with double colons "::", it fails completely. I'm trying to step through the Forms\SysAotFind to figure this out but I didn't want to spin my wheels a bunch for something that might be on my system only.
To reproduce in AX 2009, select Classes\SalesTableType, press Ctrl+F and put "CustLedgerAccounts::sumAccount" in the containing text box and click find now. You can see this is clearly located in the Classes\SalesTableType\accountCust method. I've tried searching for base enums inside objects with no luck either.
I noticed the same behavior, but escaping the colons with a backslash makes the search work correctly.
So in your case you would need to search for "CustLedgerAccounts\:\:sumAccount".
The search uses regular expressions in the syntax defined by the match function.
Colon is a special character, hence it needs to be escaped by a backslash.
For those searching for a fix, you can see where the issue is here and just tweak it if you want to allow specifically for double colons:
[c] \Classes\SysTreeNodeSearch\isNodeInRange #46
if (!match(containingText,source))
return false;
Hey Looking for a regular expression which I can use to check for valid DB types of Money.
I.e. Examples
9.8600
11.5400
Cheers
\d+\.\d{4}
Would match the two examples you give.
Regex.IsMatch("11.5400 ", @"\A\d+\.\d{4}\Z");
I'm building an automated RSS feed in ASP.NET and occurrences of apostrophes and hyphens are rendering very strangely:
"Here's a test" is rendering as "Here’s a test"
I have managed to circumvent a similar problem with the pound sign (£) by escaping the ampersand and building the HTML escape for £ manually as shown in the extract below:
sArticleSummary = sArticleSummary.Replace("£", "£")
But the following attempt is failing to resolve the apostrophe issue, we still get ’ on the screen.
sArticleSummary = sArticleSummary.Replace("’", "’"")
The string in the database (SQL2005) for all intents and purposes appears to be plain text - can anyone advise why what seem to be plain text strings keep coming out in this manner, and if anyone has any ideas as to how to resolve the apostrophe issue that'd be appreciated.
Thanks for your help.
[EDIT]
Further to Vladimir's help, it now looks as though the problem is that somewhere between the database and it being loaded into the string var the data is converting from an apostrophe to ’ - has anyone seen this happen before or have any pointers?
Thanks
I would guess the column in your SQL 2005 database is defined as a varchar(N), char(N) or text. If so the conversion is due to the database driver using a different code page setting to that set in the database.
I would recommend changing this column (and any others that may contain non-ASCII data) to nvarchar(N), nchar(N) or nvarchar(max) respectively, which can then contain any Unicode code point, not just those defined by the code page.
All of my databases now use nvarchar/nchar exclusively to avoid these types of encoding issues. The Unicode fields use twice as much storage space but there'll be very little performance difference if you use this technique (the SQL engine uses Unicode internally).
Transpires that the data (whilst showing in SQLServer plain) is actually carrying some MS Word special characters.
Assuming you get Unicode characters from the database, the easiest way is to let System.Xml.dll take care of the conversion for you by appending the RSS feed with an XmlDocument object. (I'm not sure about the elements found in an RSS feed.)
XmlDocument rss = new XmlDocument();
rss.LoadXml("<?xml version='1.0'?><rss />");
XmlElement element = rss.DocumentElement.AppendChild(rss.CreateElement("item")) as XmlElement;
element.InnerText = sArticleSummary;
or with Linq.Xml:
XDocument rss = new XDocument(
new XElement("rss",
new XElement("item", sArticleSummary)
)
);
I would just put "Here's a test" into a CDATA tag. Easy and it works.
<![CDATA[Here's a test]]>