pelias / placeholder

stand-alone coarse geocoder
https://placeholder.demo.geocode.earth
MIT License

[Live mode] Some live-mode queries result in SQL error #227

Open bradjones1 opened 1 year ago

bradjones1 commented 1 year ago

Describe the bug

I run a dating app and use Placeholder to allow users to manually enter their location, or find a location to search. Sometimes users do interesting things, such as entering queries like this:

/parser/search?placetype=locality&mode=live&text=mostly+interested+in+ladys+living+in+and+around+the+southern+and+southwestern+suburbs+of+chicago

Obviously this is not an optimal placename search, but we can't control users. With live mode enabled, I get an HTML error message, even if I request accept: application/json (seems to have no effect).

SqliteError: near "JOIN": syntax error
    at Database.prepare (/code/pelias/placeholder/node_modules/better-sqlite3/lib/methods/wrappers.js:5:21)
    at TokenIndex.Database.prepare (/code/pelias/placeholder/lib/Database.js:36:32)
    at TokenIndex.module.exports.matchSubjectObjectGeomIntersects (/code/pelias/placeholder/lib/Queries.js:171:12)
    at /code/pelias/placeholder/prototype/query.js:65:15
    at TokenIndex.module.exports._queryAll (/code/pelias/placeholder/lib/Queries.js:56:12)
    at TokenIndex.module.exports.matchSubjectObject (/code/pelias/placeholder/lib/Queries.js:120:10)
    at reduce (/code/pelias/placeholder/prototype/query.js:61:11)
    at _queryGroup (/code/pelias/placeholder/prototype/query.js:88:3)
    at Placeholder.<anonymous> (/code/pelias/placeholder/prototype/query.js:142:22)
    at /code/pelias/placeholder/prototype/tokenize.js:15:12

If you turn off live mode, the result is actually pretty close to what the user desires, including Chicago as the first returned result.

Steps to Reproduce

As noted above, run the example query with live mode.

Expected behavior

There is no SQL error and the response is at least valid JSON, even if just an empty set.

Environment (please complete the following information):

Official docker image, version 3.12.0.