I have windows 10 and installed GNU Make 4.3 Built for Windows32. This is my first time using GNU make and it gave me an error like this
.env:6: *** unterminated variable reference. Stop.
my .env file contain
POSTGRES_USER="postgres"
POSTGRES_PASS="<MY_DB_PASS>"
POSTGRES_DB="<MY_DB>"
PG_HOST="localhost"
PG_PORT="5432"
SECRET_KEY="<MY_SECRET_KEY>"
DEBUG=True
ALLOWED_HOSTS="localhost 127.0.0.1"
You may think that you're saving yourself by adding quotes. And, if this variable is parsed by a shell then you are.
But, make doesn't use quotes. The value of a variable is the complete contents to the right of the equal sign (after any initial whitespace is skipped). So for example:
POSTGRES_USER="postgres"
If parsed by the shell, the value of the POSTGRES_USER variable is postgres because the shell interprets the quotes. But make doesn't interpret quotes so the above line results in POSTGRES_USER make variable having the value "postgres" (including the quotes).
Now for your issue. Line 6 of your file is:
SECRET_KEY="<MY_SECRET_KEY>"
and you don't show us the text of your secret key.
First, this is wrong even in shell syntax: you must use single-quotes here not double quotes, and even that will not be right if your secret key contains single quotes itself; you'd have to escape that.
However that error means that in your secret key you have the character sequence $( or ${ which make interprets as starting a variable reference: since there is no close paren or brace you get this error.
The short answer is, there's no portable way to use the same file sourced by both make and the shell if the values of the variable assignments contain any sort of special character (including whitespace).
Usually people do something like base64 encode their secret keys, so that those special characters are not a problem.
Related
I am working on a flex parser using flex 2.6.4 with the -s option specified, a particular start condition has the following patterns (I am trying to read everything to the next unescaped newline):
\\(.|\n)
[^\\\n]+
\n
Yet I get the warning: "-s option given but default rule can be matched"
I don't see any holes in the above pattern set, am I missing something or is this a flex error?
Your set of rules does not match a backslash at the end of the file.
Your first rule requires the backslash to be followed by something and the other ones don't match backslashes at all.
I am following instructions from this link on how to append Stata files via a foreach loop. I think that it's pretty straightforward.
However, when I try to refer to each f in datafiles in my foreach loop, I receive the error:
invalid `
I've set my working directory and the data is in a subfolder called csvfiles. I am trying to call each file f in the csvfiles subfolder using my local macro datafiles and then append each file to an aggregate Stata dataset called data.dta.
I've included the code from my do file below:
clear
local datafiles: dir "csvfiles" files "*.csv"
foreach f of local datafiles {
preserve
insheet using “csvfiles\`f'”, clear
** add syntax here to run on each file**
save temp, replace
restore
append using temp
}
rm temp
save data.dta, replace
The backslash character has meaning to Stata: it will prevent the interpretation of any following character that has a special meaning to Stata, in particular the left single quote character
`
will not be interpreted as indicating a reference to a macro.
But all is not lost: Stata will allow you to use the forward slash character in path names on any operating system, and on Windows will take care of doing what must be done to appease Windows. Replacing your insheet command with
insheet using “csvfiles/`f'”, clear
should solve your problem.
Note that the instructions you linked to do exactly that; some of the code includes backslashes in path names, but where a macro is included, forward slashes are used instead.
I am newbie in Lua. I write a script in which there is a line
ISH_activation.getState() = CONST_ACTIVATION_STATE$ON
Then, I need to write another C++ script to read this line from Lua and parse it. Now the problem is that, when I try to debug the lua script itself, at this line it gives me the error "unexpected symbol near '$'".
I don't know why this would happen. Is format like "CONST_ACTIVATION_STATE$ON" not allowed in Lua? And is "$" a special character in Lua that we cannot use it?(But I didn't find anything mentioning this)....
Well, did you find anything saying that you can use $? :)
Yes, you cannot use dollar signs in identifiers. From the manual:
Names (also called identifiers) in Lua can be any string of letters, digits, and underscores, not beginning with a digit. Identifiers are used to name variables, table fields, and labels.
If you really want to keep the dollar sign you could use strings instead
"CONST_ACTIVATION_STATE$ON"
\newenvironment{nameOfEnvironment}[1][]%
Can someone explain the empty bracket?
You should consider reading Is there a comprehensive and complete LaTeX reference? where you'll find information on all sorts of LaTeX2e sources.
Technically, \newenvironment{<cmd>}[<num>][<default>]{<beg-def>}{<end-def>} uses \newcommand as base, so understanding the latter will help you understand the former.
Specific to your case, LaTeX2e for authors user guide mentions the following about \newcommand:
...the command:
\newcommand{<cmd>}[<num>][<default>]{<definition>}
defines <cmd> to be a command with <num> arguments, the first of which is
optional and has default value <default>.
Note that there can only be one optional argument but, as before, there can be
up to nine arguments in total.
So,
\newenvironment{nameOfEnvironment}[1][]%
{<beg-def>}
{<end-def>}
defines an environment nameOfEnvironment that takes a single argument (as a result of [1]). This single argument is an optional argument (as a result of the second []) that, if not specified, has an empty default value.
You would be able to use it as
\begin{nameOfEnvironment}
<stuff>
\end{nameOfEnvironment}
or
\begin{nameOfEnvironment}[something]
<stuff>
\end{nameOfEnvironment}
In the former case, the optional argument #1 is empty, while the second has an optional argument value of something.
The following explanation is taken from LaTeX: Structured documents for TeX (unofficial LaTeX reference manual):
13.5 \newenvironment & \renewenvironment
Synopses:
\newenvironment[*]{env}[nargs][default]{begdef}{enddef}
\renewenvironment[*]{env}[nargs]{begdef}{enddef}
These commands define or redefine an environment env, that is, \begin{env} ... \end{env}.
*
The *-form of these commands requires that the arguments (not the contents
of the environment) not contain multiple paragraphs of text.
env
The name of the environment. For \newenvironment, env must not be
an existing environment, and the command \env must be undefined. For
\renewenvironment, env must be the name of an existing environment.
nargs
An integer from 1 to 9 denoting the number of arguments of the newly-defined
environment. The default is no arguments.
default
If this is specified, the first argument is optional, and default gives the default value for that argument.
begdef
The text expanded at every occurrence of \begin{env}; a construct of the form #n in begdef is replaced by the text of the nth argument.
enddef
The text expanded at every occurrence of \end{env}. It may not contain any
argument parameters.
I have been trying to figure out how exactly \x00, \n, \r, \, or \x1a can cause an SQL Injection (as it is mentioned at http://nl3.php.net/manual/en/function.mysql-real-escape-string.php)
I understand the idea of single quote and double quotes, but how and why I need to take care of the other items to make my query safe?
I was wondering about the same question and I found the answer in the C API documentation of MySQL, it states:
Characters encoded are “\”, “'”, “"”, NUL (ASCII 0), “\n”, “\r”, and
Control+Z (\x1a). Strictly speaking, MySQL requires only that backslash and
the quote character used to quote the string in the query be escaped.
mysql_real_escape_string() quotes the other characters to make them
easier to read in log files.
It is also explained in String Literals that:
The mysql client truncates quoted strings containing NUL characters if
they are not escaped, and Control+Z may be taken for END-OF-FILE on
Windows if not escaped.
The NUL character represents the end of a string in C language, so this can falsely terminate the input argument of the mysql client program. Same thing for \x1a, it marks the end-of-file under Windows (try type test.txt in a command prompt with a \x1a character in the middle of the file).
The main point is that an admin can miss important information in a log file if his log file reader doesn't show the data beyond one of these characters. But who still uses precarious type command or equivalent under Windows to read a log file anyway?
In other terms, there is no danger with \n, \r, \0 or \x1a in PHP, other than potentially making a log file difficult to read.
As for the backslash, \' OR 1==1 would be converted to \\' OR 1==1 if it was not escaped too, cancelling the effect of the escaping of the quote.
let's assume you have
$SQL="select * from mytable where myfield='$uservalue'"
\ -> \:
try \' or 1=1; --', after escaping the quote, you would get \\' or 1=1; --' and the SQL would be select * from mytable where myfield='\\' or 1=1; --'
\x00
Not important for PHP, but for C
Sorry, too lazy for the rest.