Add a helper function to escape filters correctly #49

Open
@alexander-schranz

Description

If I have something like:

$query = 'tags = ' . $filter;

The filter needs to be escaped. Normally I would expect something like:

$query = 'tags = ' . addslashes($filter);

but that is not true, as && is used. So it also needs to be added to the escaping. I currently went with:

$query = 'tags = "' . addcslashes($filter, '"&') . '"';

Steps to reproduce

$filter = "The 17\" O'Conner && O`Series \n OR a || 1%2 book?";

Expected Behavior

Provide a helper class / function which provides correct escaping for the Typesense query builder.

$query = 'tags = ' . Helper::escape(addcslashes($filter, '"&'));

Actual Behavior

No documentation or helper method is currently provided for what needs to be escaped and what does not.

Metadata

Typesense Version:

OS:
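
An added example (not from the issue author or the typesense-php project) that runs the reproduction string through `addslashes` and through the issue's `addcslashes($filter, '"&')` workaround, and reports which operator-like characters each one leaves without a preceding backslash. The helper `unescapedChars` and the watched character list are assumptions made for illustration; the page does not say which characters Typesense treats as special.

```php
<?php
declare(strict_types=1);

// Input taken from the issue's "Steps to reproduce".
$filter = "The 17\" O'Conner && O`Series \n OR a || 1%2 book?";

/**
 * Hypothetical helper (not part of typesense-php): return the watched
 * characters that still occur without a preceding backslash.
 */
function unescapedChars(string $escaped, array $watch): array
{
    $found = [];
    $len = strlen($escaped);
    for ($i = 0; $i < $len; $i++) {
        if ($escaped[$i] === '\\') {
            $i++; // skip the character this backslash escapes
            continue;
        }
        if (in_array($escaped[$i], $watch, true)) {
            $found[$escaped[$i]] = true;
        }
    }
    return array_keys($found);
}

// Assumed watch list: quotes, the operators used in the issue, backtick, newline.
$watch = ['"', "'", '&', '|', '`', "\n"];

$candidates = [
    'no escaping'          => $filter,
    'addslashes'           => addslashes($filter),
    'addcslashes, list "&' => addcslashes($filter, '"&'),
];

foreach ($candidates as $name => $escaped) {
    printf("%-22s leaves unescaped: %s\n", $name, json_encode(unescapedChars($escaped, $watch)));
}

// The query string the issue's current workaround produces for this input.
echo 'tags = "' . addcslashes($filter, '"&') . '"', "\n";
```

`addslashes` only escapes single quotes, double quotes, backslashes and NUL bytes, which is why `&` is untouched by it; `addcslashes` escapes exactly the characters in its list.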
