I know about parameterized query, but since I have to programmatically construct the where condition, taking count of the parameters and building the parameters array is a task much more complex than simply calling an escape function when required. So:
is there a parameters escape function in node-postgres?
Yes, since this PR there are client.escapeIdentifier and client.escapeLiteral (sadly still undocumented). However, it is not recommended to use them when you can use parameterised queries, and for dynamic WHERE condition you can easily construct a query object with text and values on the fly.
Related
I just found Optuna and it seems they are integrated with lightGBM, but I struggle to see where I can fix parameters, e.g scoring="auc" and where I can define a gridspace to search, e.g num_leaves=[1,2,5,10].
Using https://github.com/optuna/optuna/blob/master/examples/lightgbm_tuner_simple.py as example, they just define a params dict with some fixed parameters (are all parameters not specified in that dict tuned?), and the documentation states that
It tunes important hyperparameters (e.g., min_child_samples and feature_fraction) in a stepwise manner
How can I controll which parameters are tuned and in what space, and how can I fix some parameters?
I have no knowledge of LightGBM, but since this is the first result for fixing parameters in optuna, I'll answer that part of the question:
In optuna, the search space is defined within the code of the objective function. This function should take a 'trials' object as an input, and you can create parameters by calling the suggest_float(), suggest_int() etc. functions on that trials object. For more information, see the documentation at 10_key_features/002_configurations.html
Generally, fixing a parameter is done by hardcoding it instead of calling a suggest function, but it is possible to fix specific parameters externally using the PartialFixedSampler
I'm doing research on injection vulnerabilities with MongoDB. Of course, one of the main culprits is the $where operator. While the best advice might certainly be to avoid using this operator whenever possible, I'm trying to understand how to safely escape user input in cases when $where might actually be in use.
A trivial example:
db.foo.find({$where: 'this.value === ' + userInput})
The MongoDB FAQ provides a hint at how this might be done:
If you need to pass user-supplied values in a $where clause, you may escape these values with the CodeWScope mechanism. When you set user-submitted values as variables in the scope document, you can avoid evaluating them on the database server.
However I've been unable to find good information on the CodeWScope mechanism, specifically:
How to go about using this mechanism, especially with the Node driver for MongoDB, in the context of input escaping for use with $where or anything else.
A description on what it actually does, i.e., how it escapes values and/or mitigates injection attacks.
The MongoDB Node Driver API Reference documents a class called Code, which might in fact be the "CodeWScope mechanism", but the reference is sparse and there are no usage examples and no description that illuminates the actual mechanism:
Code
new Code(code, scope)
A class representation of the BSON Code type.
Param: code Type: string | function Desc: a string or function
Param: scope Type: Object Desc: an optional scope for the function.
Other references, such as BSON Types offer almost nothing on the subject.
I'm looking for guidance and information on:
What is the CodeWScope mechanism?
How do I use it with the Node driver?
How does MongoDB evaluate CodeWScope-wrapped values to mitigate or prevent injection attacks?
Is there better documentation on its use, or examples/tutorials, than I've been able to uncover?
I am trying to search the results for the negation of particular id in solr. It have found that this can be done in two ways:
(1) fq=userid:(-750376)
(2) fq=-userid:750376
Both are working fine and both are giving correct results. But I can one tell me which is the better way of either two. Which one should I prefer?
You can find out what query the fq parameter's value is parsed into by turning on debugQuery (add the parameter debug=true). Then, in the Solr response, there should be an entry "parsed_filter_queries" under "debug", and the entry should show the string representation of the parsed filter query (or queries) being used.
In your case, both forms of fq should be parsed into the same query, i.e. a boolean query with a single clause stating that the term userid:750376 must not occur. Therefore, which form you use does not matter, at least in terms of correctness or performance.
For us the query looks little different. But for Solr, both are same.
First, Solr parse the query provided by you. Then search for the result. In your case, for both the queries Solr's "parsed_filter_queries" is fq=-userid:750376 only.
fq=userid:(-750376)
fq=-userid:750376
You can check this by enabling debugQuery from Admin window. You can also pass debugQuery=true with query. Hope this will help.
Is there such a thing as a custom datatype in MPI, or do you have to flatten everything into a text string and pass as MPI_CHAR? If you are required to flatten everything, is there a built-in function I am overlooking?
The answer is MPI_Type_contiguous (the link is to the documentation). It allows you to block out a specific amount of space based on basic data types, and their respective offsets.
A much better answer is MPI_Type_create_struct. It allows you to replicate your struct datatype and pass it around, there is a great example of it's use at DeinoMPI.
I didn't find it on their doc http://www.sqlite.org/lang_corefunc.html
So just want to get confirm or options here.
From Instr, Locate or Splite it seems no, but you can implement your own
I think you will have to write your
own user defined function to do this.
The SQL standard defines a POSITION()
function that returns the position of
one string within another, but sqlite
doesn't implement it. It should be
fairly simple to provide your own
function to do this. You can look at
the standard functions in func.c for
some examples of using the custom
function API routines (the same
routines are used to define all the
standard functions; sum, round,
substr, etc.).