Quick Links

Re: Safe usage of tsearch2: to_tsquery('<user input>')

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	cluster <skrald(at)amossen(dot)dk>
Cc:	pgsql-general(at)postgresql(dot)org
Subject:	Re: Safe usage of tsearch2: to_tsquery('<user input>')
Date:	2007-08-04 15:31:10
Message-ID:	16851.1186241470@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

cluster <skrald(at)amossen(dot)dk> writes:
> In a web application I would like to use tsearch2 to search for by-user
> entered key words. That is, the user provides the keywords in a space
> separated list in some input text field. For that I use
> to_tsquery('<user keywords>') but I would like to do this in a safe way
> so that the user cannot misuse to_tsquery() by entering some harmful string.

Isn't plainto_tsquery() what you're looking for?

regards, tom lane

In response to

Safe usage of tsearch2: to_tsquery('<user input>') at 2007-08-04 11:08:13 from cluster

Responses

Re: Safe usage of tsearch2: to_tsquery('<user input>') at 2007-08-05 14:17:07 from cluster

Browse pgsql-general by date

	From	Date	Subject
Next Message	Tom Lane	2007-08-04 15:38:21	Re: could not [extend relation\|write block N of temporary file\|write to hash-join temporary file]
Previous Message	Peter Eisentraut	2007-08-04 15:08:27	Re: pg_restore UTF8 problem