Hi,

Thanks, Pat, for the overview about SQL in TS.

I would still like to hear how other people sanitize user input for use inside :match_mode => :extended queries. While pollution in these queries is not a threat like SQL injection, it can still undesirably affect the search.

Thanks,
Amir

On Sun, Mar 28, 2010 at 07:53, Pat Allan <[email protected]> wrote:
> Hi there
>
> You'll want to read over this thread:
>
> http://groups.google.com/group/thinking-sphinx/browse_thread/thread/fc6882f22bda4480/5bdb831d777aa1d6?lnk=gst&q=sql+injection#5bdb831d777aa1d6
>
> In short: Sphinx queries can only return data, not change it, so there
> aren't any concerns with SQL injection.
>
> Cheers
>
> --
> Pat
>
> On 24/03/2010, at 5:13 PM, nnn wrote:
>
> > I'm not sure if this question should be here, but I'd like to hear your
> > voice.
> >
> > In ActiveRecord, we use [] to avoid SQL injection,
> > like this: Article.find(:all, :conditions => ['name like ?', params[:search]]).
> > In TS, how to do that?

--
You received this message because you are subscribed to the Google Groups "Thinking Sphinx" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/thinking-sphinx?hl=en.
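
One way to do what Amir asks about, as an added example that is not part of the original thread and is not Thinking Sphinx or Riddle code: backslash-escape the characters that act as operators in Sphinx extended query syntax, and build any field restriction from a whitelist instead of from user input. The helper names and the `ALLOWED_FIELDS` list are assumptions made for illustration.

```ruby
# Added example: hypothetical helpers, not part of Thinking Sphinx or Riddle.

# Characters that act as operators in Sphinx extended query syntax.
# The backslash itself is included so user-supplied backslashes are escaped too.
SPHINX_EXTENDED_SPECIALS = /[\\()|\-!@~"&\/^$=<]/

# Assumed whitelist of indexed fields the application lets users search.
ALLOWED_FIELDS = %w[name body].freeze

# Prefix every operator character with a backslash so Sphinx treats it
# as literal text rather than as query syntax.
def escape_sphinx_extended(input)
  input.to_s.gsub(SPHINX_EXTENDED_SPECIALS) { |ch| "\\#{ch}" }
end

# Build an extended-mode query limited to one field. The field name comes
# from the whitelist, never from the user; only the terms are user input.
def field_query(field, input)
  unless ALLOWED_FIELDS.include?(field.to_s)
    raise ArgumentError, "unknown field: #{field}"
  end
  terms = escape_sphinx_extended(input).strip
  return "" if terms.empty?
  "@#{field} (#{terms})"
end

# Intended use with the option named in the thread:
#   Article.search field_query(:name, params[:search]), :match_mode => :extended
```

If the query is sent through SphinxQL instead of the binary API, the backslashes need a second level of escaping for the SQL string literal.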
