Quick Links

Safe usage of tsearch2: to_tsquery('<user input>')

From:	cluster <skrald(at)amossen(dot)dk>
To:	pgsql-general(at)postgresql(dot)org
Subject:	Safe usage of tsearch2: to_tsquery('<user input>')
Date:	2007-08-04 11:08:13
Message-ID:	f91mmo$1nfe$1@news.hub.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

In a web application I would like to use tsearch2 to search for by-user
entered key words. That is, the user provides the keywords in a space
separated list in some input text field. For that I use
to_tsquery('<user keywords>') but I would like to do this in a safe way
so that the user cannot misuse to_tsquery() by entering some harmful string.
That is, a user input like
"cars ford fast"
should be translated to
"to_tsquery('cars|ford|fast')"
in a safe way.

How can I do that?

(I use postgresql from PHP)

Responses

Re: Safe usage of tsearch2: to_tsquery('<user input>') at 2007-08-04 15:31:10 from Tom Lane

Browse pgsql-general by date

	From	Date	Subject
Next Message	Raymond O'Donnell	2007-08-04 13:11:01	Re: date ranges
Previous Message	Rodrigo De León	2007-08-04 06:08:08	Re: Select question..... is there a way to do this?