1. 首頁
  2. 問答
  3. 暗號查詢: - 允許在查詢

暗號查詢: - 允許在查詢

2017-09-22 174 views
0

我們通過在查詢語法連接字符串在代碼中創建查詢apostrope(')包含字符串要創建查詢的所有屬性在運行時添加一個節點。暗號查詢: - 允許在查詢

The query is like this in the code where

nodeLabel =String

properties = JSONObject

String query = "CREATE (n:" + nodeLabel + "{" + properties 
        + "}) RETURN n";

錯誤執行查詢創建(n:quiz{name:"1506077464525",createtime:1506077464525,title:"bernoulli's theory",duration:15,privacy:"follower",status:"draft"}) return n with params {} 因爲在java代碼查詢其不允許撇號(')。

同樣的查詢在Neo4j的瀏覽器中執行,而是通過代碼試圖在相同的查詢不執行。

如何解決此問題並允許相同。

問題2: -同樣的,更新所述節點的屬性發生問題。

我試圖代碼,但它給我的系列化錯誤。

Connection connect = null; 
    int status = 00; 
    try { 
     connect = graphdbConnect(); 
     StringBuilder sb = new StringBuilder(); 
     for (Object key : propertiesMap.keySet()) { 

      if (sb.length() != 0) { 
       sb.append(","); 
      } 
       sb.append("n." + key + " = " + propertiesMap.get(key)); 

       System.out.println(sb); 
     } 

     String query = "match (n{name:'" + nodeName + "'}) set {1}" 
       + " return n.name"; 

     query=query.toLowerCase(); 

     try (PreparedStatement preparedStatement = connect.prepareStatement(query)){ 

      preparedStatement.setObject(1,sb); 
      System.out.println(query+" ---> query"); 
      preparedStatement.executeQuery(); 
      status = ServerStatusReport.OK(); 
     } catch (SQLException e) { 
      e.printStackTrace(); 
     }

Error:-Error executing query match (n{name:'1506160405300'}) set n.{1} return n.name with params {1=n.title = Asjdkjsbd's} at org.neo4j.jdbc.Neo4jConnection.executeQuery(Neo4jConnection.java:372) at org.neo4j.jdbc.Neo4jPreparedStatement.executeQuery(Neo4jPreparedStatement.java:46) at com.edubot.server.Neo4jQueries.updateNodeProperty1(Neo4jQueries.java:622) at com.edubot.server.course.CourseNeo4jQueries.updateCourseTitle(CourseNeo4jQueries.java:490) at com.edubot.server.course.CourseServiceImpl.updateCourseTitle(CourseServiceImpl.java:1215) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:587) at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:333) at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:303) at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:373) at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62) at javax.servlet.http.HttpServlet.service(HttpServlet.java:648) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669) at com.edubot.server.CORSFilter.doFilter(CORSFilter.java:51) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:95) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97) at org.eclipse.jetty.server.Server.handle(Server.java:499) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257) at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.IllegalArgumentException: Could not serialize value 1 n.title = Asjdkjsbd's at org.neo4j.jdbc.rest.JsonUtils.serialize(JsonUtils.java:101) at org.neo4j.jdbc.rest.Statement.toJson(Statement.java:48) at org.neo4j.jdbc.rest.Statement.toJson(Statement.java:68) at org.neo4j.jdbc.rest.TransactionalQueryExecutor.post(TransactionalQueryExecutor.java:112) at org.neo4j.jdbc.rest.TransactionalQueryExecutor.commit(TransactionalQueryExecutor.java:135) at org.neo4j.jdbc.rest.TransactionalQueryExecutor.executeQueries(TransactionalQueryExecutor.java:198) at org.neo4j.jdbc.rest.TransactionalQueryExecutor.executeQuery(TransactionalQueryExecutor.java:208) at org.neo4j.jdbc.Neo4jConnection.executeQuery(Neo4jConnection.java:363) ... 38 more

來源

2017-09-22 Vartika

+0

您可以包括實際的錯誤信息?那是查詢您的代碼生成的Cypher打印輸出嗎?我提供了一個答案,應該能夠捕獲Cypher字符串中的所有問題。 – Tezra

回答

0

下面是我用一個字符串轉換成暗號安全引號的字符串的函數。你這樣做的方式很容易被注射。這應該會捕獲代碼中的實際錯誤。

if (!str.contains("\"")) { 
    str= '"' + str + '"'; 
} else if (!str.contains("'")) { 
    str= "'" + str + "'"; 
} else { 
    str= '"' + str.replaceAll("\"", "\"+'\"'+\"").replaceAll("\\+\"\"|\"\"\\+", "") + '"'; 
}

來源

2017-09-22 12:46:54 Tezra

相關問題

 相關問題