typesense-php icon indicating copy to clipboard operation
typesense-php copied to clipboard
verified publisher icon typesense

Add a helper function to escape filters correctly

Open alexander-schranz opened this issue 2 years ago • 1 comments

Description

If have something like:

$query = 'tags = ' . $filter;

The filter need to be escaped. Normally I would expect something like:

$query = 'tags = ' . addslashes($filter);

but that is not true was && is used. So it need to be also added to escaping. I currently did go with:

$query = 'tags = "' . addcslashes($filter, '"&') . '"';

Steps to reproduce

$filter = "The 17\" O'Conner && O`Series \n OR a || 1%2 book?";

Expected Behavior

Provide a Helper Class / Function which provides correct escaping for typesense query builder.

$query = 'tags = ' . Helper::escape(addcslashes($filter, '"&'));

Actual Behavior

No documentation or helper method currently provided what need to be escaped and what not.

Metadata

Typesense Version:

OS:

alexander-schranz avatar Nov 16 '23 20:11 alexander-schranz

I am struggling with tag handling also

surprisingly difficult unhandled use case

niccolox avatar Apr 18 '24 00:04 niccolox