Hello, I have a search box on a website that uses FTS5/MATCH.
MATCH seems to take its own custom language for matching.

1. Is it safe to just pass the user's query to MATCH ? via the SQLite bind FFI?
   - This would give them full access to the FTS5 matching language.

2. If not, how should I be sanitising user input?
   - E.g. How can I transform a string of words and text into a query? What characters should I be removing or escaping? How can I prevent them using the FTS5 keywords "AND" "OR" etc?

Thanks
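An added example, not part of the original post: one way to turn free text into an FTS5 query that contains only string literals, then pass it to MATCH through a bind parameter. The function names, the `docs` table and its rows are constructed for illustration, and treating every word as a required literal term is an assumed search policy.

```python
import sqlite3


def fts5_literal_query(user_text: str) -> str:
    """Rewrite free text as FTS5 string literals so no query syntax survives."""
    # FTS5 strings are double-quoted; an embedded double quote is escaped by
    # doubling it. Quoted, words such as AND, OR, NOT and NEAR and characters
    # such as * ^ : ( ) are plain text, not operators.
    return " ".join('"' + w.replace('"', '""') + '"' for w in user_text.split())


def search(db: sqlite3.Connection, user_text: str) -> list:
    query = fts5_literal_query(user_text)
    if not query:  # nothing to search for; skip the MATCH entirely
        return []
    # The bind parameter guards the SQL statement; the quoting above guards
    # the FTS5 query language that MATCH parses out of the bound string.
    rows = db.execute(
        "SELECT title FROM docs WHERE docs MATCH ? ORDER BY rank", (query,)
    )
    return [row[0] for row in rows]


def make_demo_db() -> sqlite3.Connection:
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE VIRTUAL TABLE docs USING fts5(title, body)")
    db.executemany(
        "INSERT INTO docs (title, body) VALUES (?, ?)",
        [
            ("cats", "cats and dogs living together"),
            ("ops", "boolean operators AND OR NOT"),
            ("notes", "private notes about dogs"),
        ],
    )
    return db


if __name__ == "__main__":
    db = make_demo_db()
    for text in ["dogs", "dogs OR cats", 'cats "dogs', "title:dogs", "   "]:
        print(repr(text), "->", repr(fts5_literal_query(text)), search(db, text))
```

Adjacent quoted phrases are combined with an implicit AND, so "dogs OR cats" here requires all three words instead of acting as a boolean OR.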

