In a web application I would like to use tsearch2 to search for by-user
entered key words. That is, the user provides the keywords in a space
separated list in some input text field. For that I use
to_tsquery('<user keywords>') but I would like to do this in a safe way
so that the user cannot misuse to_tsquery() by entering some harmful string.
That is, a user input like
"cars ford fast"
should be translated to
"to_tsquery('cars|ford|fast')"
in a safe way.
How can I do that?
(I use postgresql from PHP)
cluster <skrald@amossen.dk> writes:
> In a web application I would like to use tsearch2 to search for by-user
> entered key words. That is, the user provides the keywords in a space
> separated list in some input text field. For that I use
> to_tsquery('<user keywords>') but I would like to do this in a safe way
> so that the user cannot misuse to_tsquery() by entering some harmful string.
Isn't plainto_tsquery() what you're looking for?
regards, tom lane
> Isn't plainto_tsquery() what you're looking for?
Yes, if plainto_tsquery() is safe enough for inputting user search keywords, it looks like it is. I didn't know it existed.
Thanks
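The two options discussed in this thread, as an added PHP example that is not code from any of the posters: plainto_tsquery() takes the raw text but ANDs the words, so the OR form asked for in the question ("cars|ford|fast") needs to_tsquery() with a string built only from letter/digit tokens. The table `docs`, its tsvector column `tsv`, the 20-term cap and the function names are assumptions; in both variants the value goes in as a bound parameter via pg_query_params().

```php
<?php
// Added example. Assumed schema: table "docs" with a tsvector column "tsv".

// Build an OR query string for to_tsquery(); null when nothing searchable is left.
function keywords_to_or_tsquery(string $input): ?string
{
    // Split on every run of characters that is not a Unicode letter or digit,
    // so tsquery operators (& | ! ( ) : *), quotes and backslashes are dropped.
    $words = preg_split('/[^\p{L}\p{N}]+/u', $input, -1, PREG_SPLIT_NO_EMPTY);
    if ($words === false || $words === []) {   // false: input was not valid UTF-8
        return null;
    }
    // Cap the number of terms (assumed limit) to bound the work per request.
    $words = array_slice(array_unique($words), 0, 20);
    return implode(' | ', $words);
}

// Shared runner: $value is always sent as bound parameter $1,
// never spliced into the SQL text.
function run_search($db, string $sql, string $value): array
{
    $res = pg_query_params($db, $sql, [$value]);
    if ($res === false) {
        throw new RuntimeException('search query failed');
    }
    return pg_fetch_all($res) ?: [];
}

// Match documents containing ANY of the keywords (the behaviour asked for).
function search_any_keyword($db, string $input): array
{
    $tsquery = keywords_to_or_tsquery($input);
    return $tsquery === null ? [] : run_search(
        $db, 'SELECT id, title FROM docs WHERE tsv @@ to_tsquery($1)', $tsquery);
}

// Match documents containing ALL keywords: plainto_tsquery() parses the raw
// text itself and inserts & between the words.
function search_all_keywords($db, string $input): array
{
    return run_search(
        $db, 'SELECT id, title FROM docs WHERE tsv @@ plainto_tsquery($1)', $input);
}

// Constructed inputs; this part needs no database connection.
foreach (['cars ford fast', "fast' | !cars:*"] as $sample) {
    var_dump(keywords_to_or_tsquery($sample));
}
```

The parameter binding keeps the input out of the SQL text; the tokenising step separately keeps it from being read as tsquery operators or causing a tsquery syntax error.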