search

tombatron / NRedisGraph

28 stars 8 forks source link

Escaping query parameters #4

Closed avifatal closed 4 years ago

avifatal commented 4 years ago

Hi, I have some odd use-cases that I can't really put my finger on... I am getting errors about un-escaped parameters, The bellow function received an object and internally convert it to a dictionary. I have attached a screenshot that previews the dictionary. ontop of that, I have some other use cases of emojis throwing the same errors, but I can really put my finger on it...

//success
services.RedisGraphClient.Execute("CREATE (a:Test {SomeString: $SomeString})", new { SomeString = "dsfdsfdss\"" });

//fails
services.RedisGraphClient.Execute("CREATE (a:Test {SomeString: $SomeString})", new { SomeString = "ds\" fdsfdss\"" });
//fails
services.RedisGraphClient.Execute("CREATE (a:Test {SomeString: $SomeString})", new { SomeString = "dsfdsfdss\"#" });

Thanks

image

tombatron commented 4 years ago

I think I've got a fix for (me) not properly escaping the quotes in the parameters there (new release shortly).

I also tried to create a node with an emoji as a value and it crashed my Redis instance...

"GRAPH.QUERY" "whatever" "CYPHER SometString=\"\xe1\xbd\xa42\" CREATE (a:Test {SomeString: $SomeString})"

I think I'm going to open an issue for that on the RedisGraph tracker. :thinking:

EDIT:

I just noticed that I had a typo in my test query. I was able to create a node with an emoji as a value once I corrected my typo.

How are you storing emojis?

tombatron commented 4 years ago

Version 1.2 of NRediSearch should be available shortly.