Hi there

You'll want to read over this thread: http://groups.google.com/group/thinking-sphinx/browse_thread/thread/fc6882f22bda4480/5bdb831d777aa1d6?lnk=gst&q=sql+injection#5bdb831d777aa1d6

In short: Sphinx queries can only return data, not change it, so there aren't any concerns with SQL injection.

Cheers

--
Pat

On 24/03/2010, at 5:13 PM, nnn wrote:

> I'm not sure if this question should be here, but I like to hear your
> voice.
>
> in ActiveRecord, we use [] to avoid SQL inject.
> like this : Article.find(:all, :conditions => ['name like ?',"params[:search]"]).
> In TS, how to do that?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Thinking Sphinx" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/thinking-sphinx?hl=en.
