Run set names query, and json unicode on laravel - javascript

I'm new on Laravel
and I search for a way to run queries
I'm not talking about select etc...
I want to run this query:
SET NAMES 'utf8'
This is question number one,
Now question number two:
I have data writen in hebrew in my db
and when I do on Laravel this code:
$todolist = DB::select('select * from todo');
return $todolist;
I get this result:
[{"id":1,"name":"\u05d1\u05dc\u05d4 \u05d1\u05dc\u05d4 \u05d1\u05dc\u05d4","done":0},{"id":2,"name":"\u05d1\u05dc\u05d4 \u05d1\u05dc\u05d4 \u05d1\u05dc\u05d4","done":1}]
What is this? unicode? how can I turn it to hebrew again?
My mission is to send it back to client side and then show it on the web page
How can I translate this from unicode to hebrew with Java Script ?

You can use the statement method of the DB class, like so:
DB::statement("SET NAMES 'utf8'");
I'm not entirely aware of the situation but I would recommend this be within a migration.
Regarding the unicode characters, those should render in views correctly and should be usable within Javascript (see http://codepen.io/anon/pen/LZpOqY)

Related

Looking for a simple text Template Engine to generate Query

I am using couchbase which has a feature called N1QL which is similar to SQl but for couchbase doc store. My problem is that if i want to query by several fields i have to create a template for each possible option which can get out of hand.
Before i take a stab at building my own template based system i was wondering if there is a basic text template engine which supports stuff like if and ets me pass values.
This is part of a sample query
FROM Contacts AS f
LEFT JOIN Contacts AS t
ON t._type ="tract_info" AND ANY b IN t.tract_id SATISFIES b = f.tract END
WHERE f._type="farm" and f.tract IN $3 $4
order by f.PropertyAddress.streetName, TONUMBER(f.PropertyAddress.houseNumber)
where i would like to pass something like {25,0,(12,25,35),“and ARRAY_COUNT(f.phones) > 0 and ARRAY_COUNT(f.emails) > 0”}
Any idea or pointesr would be great
The SDK already has a way to construct queries programmatically. You can see an example of this in the demo app, here:
https://github.com/couchbaselabs/try-cb-java/blob/5.0-updates/src/main/java/trycb/service/Airport.java#L36
This is Java code, of course. But the JS SDK should have something similar.

How to read Python list in Javascript [in a Django template]

I'm programming in oTree (which is a Django based environment for social experiments) and I have the following problem. I defined some lists in Python and I'd like to import them and use them in an HTML template. If I print them in HTML I manage to see them without any problem, however, once I need to use them in Javascript, the program fails to read them and the single quotes of the elements of the list are converted in '.
The list is imported like this var filtered_elements = {{ array }};.
I think the problem is exactly here, as JS cannot work with them. Do you have any suggestion on how to do that? I considered using JSON, but since I'm quite new to programming, I cannot understand if it's just a waste of time or there is a simpler way out.
Thanks for your answers!
It sounds like your data is already JSON, otherwise you would be getting single quotes and u prefixes. So the only issue is Django autoescaping; you can disable it with the safe filter:
var filtered_elements = {{ array|safe }};
Your data should be JSON, instead of putting the Python list into the contact directly, put "array": json.dumps(array) in the context dictionary.
The JSON string doesn't need HTML escaping inside a tag, but it does need JS escaping! Otherwise some string may include something like </script><script>absolutely anything goes here... to run arbitrary JavaScript, if the JSON contains user data.
So use |escapejs:
var filtered_elements = {{ array|escapejs}};

MD5 hash is Different

On sql server : Out put : 0x5C8C8AAFE7AE37EA4EBDF8BFA01F82B8
SELECT HASHBYTES('MD5', convert(varchar,getdate(),112)+'mytest#+')
On JavaScript : Out put : 5c8c8aafe7ae37ea4ebdf8bfa01f82b8
//to get Md5 Hash bytes
vm.getMd5Hashbytes = function () {
var currentDate = moment().format('YYYYMMDD');
var md5Hash = md5.createHash(currentDate + 'mytest#+');
return md5Hash;
}
angular-md5 module
Q : Can you tell me why this difference ? SQL server shows 0x as prefix.Why ?
This is purely a formatting issue. Both versions are producing an identical sequence of bytes. SQL Server and node just have different conventions when it comes to presenting these bytes in a human readable format.
You can get similar formatting by specifically telling SQL Server how to format your binary data
declare #hashAsBinary varbinary(max)
declare #hashAsText char(32)
set #hashAsBinary = HASHBYTES('MD5', '20160818mytest#+')
set #hashAsText = LOWER(CONVERT(varchar(max), #hashAsBinary, 2))
select #hashAsText
Which outputs:
5c8c8aafe7ae37ea4ebdf8bfa01f82b8
See SQL Server converting varbinary to string
I am not sure how else to explain it but it will take more space than a comment allows for so I will post it as an answer.
Look at the source code that you are referencing. At the end (lines 210 and 212) you will see it converts the binary value to a hex string (and then to lower case which does not matter unless you opt for a string comparison at the end). End result = your JavaScript library returns a representation using the type string formatted as hex.
Your Sql function HASHBYTES on the other hand produces a varbinary typed result (which is a different type than string (varchar)).
So you have 2 different data types (each living on their own space as you have not pulled one to the other). You never mention where you are doing the comparison, ie: on the database or are you pulling from the database to script. Either way to do a comparison you need to convert one type so you are either comparing 2 strings types OR comparing two binary types. If you do not compare similar types you will get unexpected results or run time exceptions.
If you are comparing using strings AND in JavaScript then look at your library that you are referencing, it already has a call named wordToHex, copy and paste it and reuse it to convert your Sql result to a string and then do a string comparison (do not forget to compare case insensitive or also make it lower case).
Edit
WebApi is black box for me.It is a 3rd party service.I just need to send the security token as mentioned above.
Assuming that the type accepted by that web api is byt[] appending 0x to your string in javascript and then sending it to the web api should work as in the web api will then translate the incoming parameter as a byte array and execute the comparison using the correct types. As this is a black box there is no way to know for certain unless you either ask them if the accepted type is indeed a byte array or to test it.

Is this a good way for SQL injection prevention

i have read many things here about how to prevent SQL injection also on other website and forums. Only thing is thats it makes me really confused on the way how to protect your website when writing stuff to the database.
I'm creating as schol project something where there alot of input from the users wil be writte to the database, i'm currently check them by javascript if they contains iligal char. Then i use ajax to activate my controller, use the query in my model send it back to the view.
But lets go on on my problem.
If i validate a input first with javascript, (client-side), then server side with PHP. If i first check in php if the input contains iligal char like * '' `` > <, that kind of things. What you whould use in a query for geting information from the database. Then escape the whitescpases since i don't want to have things with spaces on the website as users input.
Then use mysqli_real_escape_string() on the input. Then send it to the query that will looks like this.
/**
* #param string
* #param string
* #return mixed
*/
public function updateUsername($oldUsername, $newUsername) {
return $this->_db->query("UPDATE `users` SET `username` = :new_username WHERE `username` = :old_username",
[':new_username' => $newUsername,':old_username' => $oldUsername]);
}
So
1 > Check using javascript
2 > Check by php on char like * < > ' #
3 > using mysqli_real_escape_string()
4 > To the PDO query
Is this a good way for prefending SQL injection, i really don't want to send my school project live in the air with SQL injection haha.
Greetz,
Also many thanks for reading my long story
No. Banning characters prevents people from using them and there are often valid reasons to use them. If it makes no sense for the characters to appear in the data, then you can filter them to help keep the data sane. Don't do it as a security measure.
Ditto
No. Parametrised queries are better.
Yes, but not in combination with mysqli_real_escape_string since you shouldn't mix APIs and if you used both you would double escape things and put \ characters in your data.

Selecting data from csv

i want to select data from csv file here is my code
var filenamecsv="D://Data.csv";
adoConn1.Open("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=d:\;
Extended Properties='text;HDR=Yes;FMT=Delimited';");
adoRS1.Open("Select * From Data.csv",adoConn1,1,3);
but when i execute my project i get following error
Microsoft JET Database Engine: The Microsoft Jet database engine could not find the
object 'Data.csv'. Make sure the object exists and that you spell its name
and the path name correctly.
what should i do?
It could be that you need to escape your backslash in D:\ in the connection string and use Data Source=D:\\;
Rather than "D://Data.csv", try "D:\data.csv".
See here: http://www.connectionstrings.com/textfile for a useful reference.

Categories