search

dazzling-sky / COMP4111-project

COMP4111 project - RESTful Web Service for Library Book Management
https://course.cse.ust.hk/comp4111/project.html
0 stars 0 forks source link

_ character is not escaped in book lookup #28

Open STommydx opened 4 years ago

STommydx commented 4 years ago

Describe the bug _ character is not escaped in LIKE statements in book searching criteria.

To Reproduce

  1. Login as usual
  2. Add a book that title does not contains _ 
    {
        "Title": "# Book!",
        "Author": "Author",
        "Publisher": "Publisher",
        "Year": "2028"
}
  3. Search book containing title _ GET localhost:8080/BookManagementService/books?token={{token}}&title=_

Expected behavior 204 No Content

What actually happens 200 OK with the book returned

{
    "FoundBooks": 1,
    "Results": [
        {
            "Title": "# Book!",
            "Author": "Author",
            "Publisher": "Publisher",
            "Year": "2028"
        }
    ]
}