Hi Joe, It might be possible when you append the restriction before parsing the user query with the QueryParser, but I'm not sure. I recommend first parsing the query, and then constructing a BooleanQuery with the parsed user query and the e-mail term both as must. Another approach would be to use a QueryFilter. Using a QueryFilter might be the best solution here because the filter is cached, and hence applies very fast on subsequent searches.
Kind regards, Daan -----Original Message----- From: Joe [mailto:[EMAIL PROTECTED] Sent: Thursday, May 24, 2007 15:14 To: java-user@lucene.apache.org Subject: Re: Lucene code injection? Hi, > This sounds good. As for the code injection it is up to you to sanitize > the request before it goes to lucene, probably by filling the email > field yourself and not rely on the user input for the email address I hoped i havent to sanitize the user input cause the email address query is ANDed by the application, after the user finished his input. (user_query) AND (email_query) So is it possible to produce a user_query which will ignore the ANDed (email_query)? --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]