Home > mailing lists

Safe usage of tsearch2: to_tsquery('') - Mailing list pgsql-general

From	cluster
Subject	Safe usage of tsearch2: to_tsquery('')
Date	August 4, 2007 11:08:19
Msg-id	f91mmo$1nfe$1@news.hub.org Whole thread Raw
Responses	Re: Safe usage of tsearch2: to_tsquery('') (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-general

Tree view

In a web application I would like to use tsearch2 to search for by-user
entered key words. That is, the user provides the keywords in a space
separated list in some input text field. For that I use
to_tsquery('<user keywords>') but I would like to do this in a safe way
so that the user cannot misuse to_tsquery() by entering some harmful string.
That is, a user input like
    "cars ford fast"
should be translated to
    "to_tsquery('cars|ford|fast')"
in a safe way.

How can I do that?

(I use postgresql from PHP)

pgsql-general by date:

From: Rodrigo De León
Date: 04 August 2007, 06:08:14
Subject: Re: Select question..... is there a way to do this?

From: mwsenecal@yahoo.com
Date: 04 August 2007, 12:53:23
Subject: Re: Require entry of MD5 hash instead of plaintext password?

Safe usage of tsearch2: to_tsquery('') - Mailing list pgsql-general

Previous

Next