Closed ravage84 closed 8 years ago
wildcardOne does not get escaped properly on MSSQL using CakeDC/search 2.5.1.
wildcardOne
MySQL uses a backslash to escape, like \_ http://stackoverflow.com/questions/17102043/how-to-escape-underscore-in-the-string-query-in-hibernate-and-sql
\_
ProgreSQL seems to do the same. http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html
But MSSQL (once more :facepunch: ) uses brackets to escape, like [_] http://stackoverflow.com/questions/5821/sql-server-2000-5-escape-an-underscore
[_]
This leads to literally interpreted searches, like abc\_def.
abc\_def
The offending lines are: https://github.com/CakeDC/search/blob/2.5.1/Model/Behavior/SearchableBehavior.php#L252 https://github.com/CakeDC/search/blob/2.5.1/Model/Behavior/SearchableBehavior.php#L320
As you see, those lines are almost identical, too. I guess this could be improved by extracting the escaping logic into a separate method or even class.
Fix has been merged.
Megslalk
commented
8 years ago
wildcardOnedoes not get escaped properly on MSSQL using CakeDC/search 2.5.1.MySQL uses a backslash to escape, like
\_http://stackoverflow.com/questions/17102043/how-to-escape-underscore-in-the-string-query-in-hibernate-and-sqlProgreSQL seems to do the same. http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html
But MSSQL (once more :facepunch: ) uses brackets to escape, like
[_]http://stackoverflow.com/questions/5821/sql-server-2000-5-escape-an-underscoreThis leads to literally interpreted searches, like
abc\_def.The offending lines are: https://github.com/CakeDC/search/blob/2.5.1/Model/Behavior/SearchableBehavior.php#L252 https://github.com/CakeDC/search/blob/2.5.1/Model/Behavior/SearchableBehavior.php#L320
As you see, those lines are almost identical, too. I guess this could be improved by extracting the escaping logic into a separate method or even class.