I have a problem constructing a bat-Command to be executed on Windows (via Jenkin's declarative pipeline). The path in variable path may contain blanks, so it needs to be quoted.
After some googling, I came up with this:
rjc = bat(script: "\\"${path}\\"" ${cmdline}" , returnStatus: true)
but that errors as follows:
WorkflowScript: 89: unexpected token: $ # line 89, column 50.
rjc = bat(script: "\\"${path}\\"
^
When you use double back slash (\\) the first slash actually escapes the seconds one - which means it is taken as a backslash character instead of an escape operator. so the double quotes (") are actually not escaped, the string is then closed and the dollar sign is unexpected as it has no context.
What you actually want is to escape the double quotes so it will be used as a character instead of closing the string. For that you only need a single back slash:
bat(script: "\"${path}\" ${cmdline}" , returnStatus: true)
Related
Is there a way to convert a quoted string to a multiline string?
Something like "This string \66 here" to [[This string \66 here]] since I would like to ignore the interpretation of escaped characters.
Lua 5.3 Reference Manual 3.1: Lexical Conventions
Literal strings can also be defined using a long format enclosed by
long brackets. We define an opening long bracket of level n as an
opening square bracket followed by n equal signs followed by another
opening square bracket. So, an opening long bracket of level 0 is
written as [[, an opening long bracket of level 1 is written as [=[,
and so on. A closing long bracket is defined similarly; for instance,
a closing long bracket of level 4 is written as ]====]. A long literal
starts with an opening long bracket of any level and ends at the first
closing long bracket of the same level. It can contain any text except
a closing bracket of the same level. Literals in this bracketed form
can run for several lines, do not interpret any escape sequences, and
ignore long brackets of any other level. Any kind of end-of-line
sequence (carriage return, newline, carriage return followed by
newline, or newline followed by carriage return) is converted to a
simple newline.
For convenience, when the opening long bracket is immediately followed
by a newline, the newline is not included in the string.
That's all you need to know about long strings.
It does not make much sense to convert a string that has been defined using quotes "some string" to a string like [[some string]] as both quotes and square brackets are not actually part of that string and the string itself is the same.
The only difference would be a leading newline which is ignored in square brackets or escape sequences which are not interpreted.
Quotes and square brackets are only part of the string if you have nested strings. In this case conversion also doesn't make much sense because you cannot nest strings with quotes like strings with brackets.
Maybe your whole approach is a bit off?
Do you look for something like this?
local db = "google"
local tbl = "accounts"
local where = "field = 'VALUE' AND TRUE"
local order = "id DESC"
local query = string.format([[
SELECT *
FROM `%s`.`%s`
WHERE %s
ORDER BY %s
]], db, tbl, where, order)
I want to define an array in ruby in following manner
A = ["\"]
I am stuck here for hours now. Tried several possible combinations of single and double quotes, forward and backward slashes. Alas !!
I have seen this link as well : here
But couldn't understand how to resolve my problem.
Apart from this what I need to do is -
1. Read a file character by character (which I managed to do !)
2. This file contains a "\" character
3. I want to do something if my array A includes this backslash
A.includes?("\")
Any help appreciated !
There are some characters which are special and need to be escaped.
Like when you define a string
str = " this is test string \
and this contains multiline data \
do you understand the backslash meaning here \
it is being used to denote the continuation of line"
In a string defined in a double quotes "", if you need to have a double quote how would you doo that? "\"", this is why when you put a backslash in a string you are telling interpretor you are going to use some special characters and which are escaped by backslash. So when you read a "\" from a file it will be read as "\" this into a ruby string.
char = "\\"
char.length # => 1
I hope this helps ;)
Your issue is not with Array, your question really involves escape sequences for special characters in strings. As the \ character is special, you need to first prepend it (escape it) with a leading backslash, like so.
"\\"
You should also re-read your link and the section on escape sequences.
You can escape backslash with a backslash in double quotes like:
["\\"].include?("\\")
Is there any difference between enclosing grep patterns in single and double quotes?
grep "abc" file.txt
and
grep 'abc' file.txt
I'm asking since there's no way I could test all possible cases on my own, and I don't want to stumble into a case that I get wrong :)
I see a difference if you have special characters :
Ex :
grep "foo$barbase" file.txt
The shell will try to expand the variable $barbase, this is maybe not what you intended to do.
If instead you type
grep 'foo$barbase' file.txt
$bar is taken literally.
Finally, always prefer single quotes by default, it's stronger.
In double quote, the following characters has special meanings: ‘$’,
‘`’, ‘\’, and, when history expansion is enabled, ‘!’.
The characters ‘$’ and ‘’ retain their special meaning within double
quotes ($ for variables and for executing).
The special parameters ‘*’ and ‘#’ retain their special meaning in
double quotes as inputs when proceeded by $.
‘$’, ‘`’, ‘"’, ‘\’, or newline can be escaped by preceding them with
a backslash.
The backslash retains its special meaning when followed by ‘$’, ‘`’,
‘"’, ‘\’, or newline. Backslashes preceding characters without a
special meaning are left unmodified.
Also it will be helpful to check shell expansions:
https://www.gnu.org/software/bash/manual/html_node/Shell-Expansions.html#Shell-Expansions
Single quote ignore shell expansions.
I have been trying to figure out how exactly \x00, \n, \r, \, or \x1a can cause an SQL Injection (as it is mentioned at http://nl3.php.net/manual/en/function.mysql-real-escape-string.php)
I understand the idea of single quote and double quotes, but how and why I need to take care of the other items to make my query safe?
I was wondering about the same question and I found the answer in the C API documentation of MySQL, it states:
Characters encoded are “\”, “'”, “"”, NUL (ASCII 0), “\n”, “\r”, and
Control+Z (\x1a). Strictly speaking, MySQL requires only that backslash and
the quote character used to quote the string in the query be escaped.
mysql_real_escape_string() quotes the other characters to make them
easier to read in log files.
It is also explained in String Literals that:
The mysql client truncates quoted strings containing NUL characters if
they are not escaped, and Control+Z may be taken for END-OF-FILE on
Windows if not escaped.
The NUL character represents the end of a string in C language, so this can falsely terminate the input argument of the mysql client program. Same thing for \x1a, it marks the end-of-file under Windows (try type test.txt in a command prompt with a \x1a character in the middle of the file).
The main point is that an admin can miss important information in a log file if his log file reader doesn't show the data beyond one of these characters. But who still uses precarious type command or equivalent under Windows to read a log file anyway?
In other terms, there is no danger with \n, \r, \0 or \x1a in PHP, other than potentially making a log file difficult to read.
As for the backslash, \' OR 1==1 would be converted to \\' OR 1==1 if it was not escaped too, cancelling the effect of the escaping of the quote.
let's assume you have
$SQL="select * from mytable where myfield='$uservalue'"
\ -> \:
try \' or 1=1; --', after escaping the quote, you would get \\' or 1=1; --' and the SQL would be select * from mytable where myfield='\\' or 1=1; --'
\x00
Not important for PHP, but for C
Sorry, too lazy for the rest.
How do I remove this backslash?
s = "\""
I have tried s.gsub("\\", "") and that doesn't remove it, it returns the same string.
there's actually no backslash character in your String. The Backslash in your example simply escapes the following double quote and prevent's that it would terminate the string and thereby resulting in a syntax error (unterminated double quote ).
So what you see when you print that string in IRB is actually not the backslash as is, but the backslash in combination with the following dobule quote as an indication that the double quote is escaped. Kind of hard to grasp when you encounter it the first time. Have a look at http://en.wikibooks.org/wiki/Ruby_Programming/Strings#Escape_sequences
long story short: there is no backslash in your string so you can't remove it :)
gsub takes a regular expression as the first parameter. I believe that if you pass it a string, it will first convert it into a regex. This means you need extra escaping:
s.gsub("\\\\", "")
If you use regex notation, you can stop it from doubling up:
s.gsub(/\\/, "")
This is because you don't have to escape twice: once because double-quoted strings need you to escape the \ character, and once because the regular expression requires you to as well.
that's actually an escape quote sign (do a print s to see it)
I'm not sure if this is a solution to YOUR problem, but seeing that this is one of the first SO questions I looked at when trying to solve my problem and have in fact, solved it, here is what I did to fix my problem.
So I had some CSV.read output with a load of \ (backslashes) and unwanted quotation marks.
arr_of_arrays = CSV.read("path/to/file.csv")
processed_csv = arr_of_arrs.map {|t| eval(t)}
the key here is the eval() method.