A cracker has cracked my SQL database installing the following script into most of the lines:
<script src=http://www.example.com/xx.js></script>
I need to delete in every line just this script, (not all the text in the lines) I have found the command:
DELETE FROM [tevalifeForum].[dbo].[FORUM_MEMBERS]
WHERE <Search Conditions,,>
GO
But I don't know how to proceed.
Assuming your column type is TEXT and you want to delete lines within that TEXT column, here's something similar to what I've done in the past:
DECLARE #script VARCHAR(100), #len INT, #i INT
SELECT
#script = '<script src=http://www.example.com/xx.js></script>',
#len = LEN(#script)
SELECT #i = MAX(DATALENGTH([col]))
FROM [tevalifeForum].[dbo].[FORUM_MEMBERS]
UPDATE [tevalifeForum].[dbo].[FORUM_MEMBERS]
SET [col] =
LEFT(CAST([col] AS VARCHAR(MAX)), CHARINDEX(#script, [col])-1)
+ SUBSTRING(CAST([col] AS VARCHAR(MAX)), CHARINDEX(#script, [col])+ #len, #1)
WHERE [col] LIKE '%' + #script + '%'
Please make sure that you have a valid backup and understand that this can only be 'undone' by restoring from backup.
Related
I have had to look up hundreds (if not thousands) of free-text answers on google, making notes in Excel along the way and inserting SAS-code around the answers as a last step.
The output looks like this:
This output contains an unnecessary number of blank spaces, which seems to confuse SAS's search to the point where the observations can't be properly located.
It works if I manually erase superflous spaces, but that will probably take hours. Is there an automated fix for this, either in SAS or in excel?
I tried using the STRIP-function, to no avail:
else if R_res_ort_txt=strip(" arild ") and R_kom_lan=strip(" skåne ") then R_kommun=strip(" Höganäs " );
If you want to generate a string like:
if R_res_ort_txt="arild" and R_kom_lan="skåne" then R_kommun="Höganäs";
from three variables, let's call them A B C, then just use code like:
string=catx(' ','if R_res_ort_txt=',quote(trim(A))
,'and R_kom_lan=',quote(trim(B))
,'then R_kommun=',quote(trim(C)),';') ;
Or if you are just writing that string to a file just use this PUT statement syntax.
put 'if R_res_ort_txt=' A :$quote. 'and R_kom_lan=' B :$quote.
'then R_kommun=' C :$quote. ';' ;
A saner solution would be to continue using the free-text answers as data and perform your matching criteria for transformations with a left join.
proc import out=answers datafile='my-free-text-answers.xlsx';
data have;
attrib R_res_ort_txt R_kom_lan length=$100;
input R_res_ort_txt ...;
datalines4;
... whatever all those transforms will be performed on...
;;;;
proc sql;
create table want as
select
have.* ,
answers.R_kommun_answer as R_kommun
from
have
left join
answers
on
have.R_res_ort_txt = answers.res_ort_answer
& have.R_kom_lan = abswers.kom_lan_answer
;
I solved this by adding quotes in excel using the flash fill function:
https://www.youtube.com/watch?v=nE65QeDoepc
I have data as:
Image of data I have
I want to add flag variables in the data as:
Image of data I want
I have tried the lag function but it didn't work due to the variable being character.
I want to flag any change in string variable.Please help.
I solved this using the query along the lines of:
CREATE TEMP TABLE WANT AS(
SELECT *, CASE WHEN LAG(NAME) OVER(PARTITION BY ID ORDER BY ID) != NAME
THEN 1
ELSE 0
END AS FLAG1
FROM DATA_HAVE
ORDER BY
ID);
No judging, just sharing.
I am exporting data from a SQL Server table to a .csv file, and then I use sp_send_email to email the file with data.
My problem is with this value:
Cantata Number 212 "Peasants Cantata", BWV 212
The value gets split into two columns in the .csv file that gets emailed. This value should be only in one column.
Some titles might contain a comma, which needs to be left in the string for those instances.
For example:
Cantata Number 212 Peasants Cantata" BWV 212"
I tried this method, but is not working:
Note: This SELECT statement resides inside a view vw_WeeklyReport
SELECT TOP 100 PERCENT
'"' + [p].[Title] + '"' [Title]
FROM
table
The code that exports the data and emails the .csv file:
BEGIN
SET NOCOUNT ON;
DECLARE #qry VARCHAR(8000);
-- Create the query, concatenating the column name as an alias
SET #Qry = 'SET NOCOUNT ON; SELECT Title FROM [vw_WeeklyReport] SET NOCOUNT OFF';
-- Send the e-mail with the query results in attachment.
EXEC [msdb].[dbo].[sp_send_dbmail]
#profile_name = 'default',
#recipients = '6lack#email.com',
#subject = 'Weekly Report',
#body = 'An attachment has been included in this email.',
#query_attachment_filename = 'WeeklyRep.csv',
#query = #qry,
#attach_query_result_as_file = 1,
#query_result_separator = ',',
#query_result_width = 32767,
#query_result_no_padding = 1;
END;
When there are comma's (or separators) in the field, that field should be enclosed with double quotes, and any double quotes within have to be escaped with another double quote:
"Cantata Number 212 ""Peasants Cantata"", BWV 212"
Once double quotes are used around fields, all fields containing double quotes should also be quoted and inside quotes escaped as well.
Maybe you could look for an option to export to csv using quoted fields.
Removing all the comma's could also be an option, but then you lose some information.
On the other hand, if there is only one column (as in your SELECT statement) there is no need at all to use csv. A plain text file can be used instead.
Change your query in the stored proc to something like this:
SET #Qry = 'SET NOCOUNT ON; SELECT replace(Title, ',', '') as Title FROM [vw_WeeklyReport] SET NOCOUNT OFF';
Note this is untested, but should give you what you're looking for. This is under the presumption that stripping out commas is acceptable, as was indicated in the initial post. If the commas need to remain intact, the answer isn't quite as simple.
i have table in DB = dle_post and a row contains id,full_story i want to check if full_story starts with "1." then list its id but the big problem is there are some spaces in the start of full_story some time 1 some time 2 and some time 3 , how can i list all ids starting with "1."
You want to execute some SQL like this, which you can also do in PHPmyAdmin...
SELECT id FROM dle_post WHERE LTRIM(full_story) LIKE '1%';
I think this will work!
Would this query help:
$id = fetch id here;
mysql_query("SELECT * FROM YOUR_TABLE WHERE id LIKE '%".$id."`%'", $someconnection);
YOUR_TABLE -> replace it with your table nime
Is there a nice way to assign a string to a variable when it spans many lines?
The reason for this is I have some large SQL statements (which I want in the pas) but it's annoying like this
var
sql : string;
begin
sql := 'SELECT * ' +
'FROM foo ' +
'WHERE `this`=0';
That is annoying to copy and paste into terminal / another program because I have to remove the ' and ' + etc.
Is there a way to so something like...
var
sql : string;
begin
sql := ""SELECT *
FROM foo
WHERE `this`=0"";
So some way to assign a block of text/string with new lines without having to concat it.
As there is no way of expressing strings in this way in SQL, I normally use the RegEx search and replace available in the Delphi IDE to format strings in the required way.
SELECT *
FROM foo
WHERE `this`=0
This replaces any line with the line enclosed in quotes, followed by + sLineBreak +
sql :=
' SELECT *' + sLineBreak +
' FROM foo' + sLineBreak +
' WHERE `this`=0' + sLineBreak +
I then just tidy up the last line:
sql :=
' SELECT *' + sLineBreak +
' FROM foo' + sLineBreak +
' WHERE `this`=0';
Of course the same can be done with any preceding or trailing text, such as qry.SQL.Add('\0');
Your question is:
Can a Delphi string literal span multiple lines?
The answer is no.
Not that I know of (at least not out of the box). Anyway, you might want to take a look at this:
How to assign a multiline string value without quoting each line?
You could keep the SQL in a component which has a TStrings property like TSQLQuery, but my solution for longer / complex statements is to keep an 'example' copy as a source code comment, which has actual parameters to make tests easier, and keep both version in sync.
If you like the way C# does it (like I do), then don't forget to vote for this QC report:
http://qc.embarcadero.com/wc/qcmain.aspx?d=2012
It suggests to make your example look like this:
var
sql : string;
begin
sql := #'SELECT *
FROM foo
WHERE `this`=0';
If you install GExperts in Delphi, the IDE will automatically insert a '+ after pressing >enter< if you're inside a string and haven't closed it yet.
Download link: http://www.gexperts.org/download.html