Ah, yes,

On Thu, Apr 8, 2010 at 11:07, Amir Yalon <[email protected]> wrote:
> I would still like to hear how other people sanitize user input for use
> inside :match_mode => :extended queries. While pollution in these queries is
> not a threat like SQL injection, it can still undesirably affect the search.
>
> I currently have this in my code:
>
>     .gsub(/[-!()=~\/@*,|<\[\]$"^]/, " ")
>
> applied to user input, which needs to be revised. For example, it swallows
> every "-" character, not just those following whitespace.
>
> > On 24/03/2010, at 5:13 PM, nnn wrote:
> >
> > > I'm not sure if this question should be here, but I'd like to hear your
> > > voice.
> > >
> > > In ActiveRecord, we use [] to avoid SQL injection, like this:
> > >
> > >     Article.find(:all, :conditions => ['name like ?', params[:search]])
> > >
> > > In TS, how do we do that?

--
You received this message because you are subscribed to the Google Groups "Thinking Sphinx" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/thinking-sphinx?hl=en.
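As an added example (not code from the thread, from Thinking Sphinx or from Riddle), here is one way to sanitize :match_mode => :extended input in Ruby that avoids the problem raised above: operators are backslash-escaped rather than deleted, so the user's text survives, and "-" is treated as the NOT operator only when it begins a keyword, so hyphens inside words such as C-3PO are kept. The operator list and the intra-word-hyphen rule are this example's assumptions about Sphinx's extended syntax; strip_posted reproduces the regex from the thread purely for comparison.

```ruby
# Added example, not code from the thread or from Thinking Sphinx/Riddle:
# neutralising Sphinx extended-mode operators in user-supplied search text.
#
# Characters Sphinx's extended query syntax treats as operators wherever they
# appear:  ( ) grouping  | OR  ! NOT  @ field limit  " phrase  ~ proximity
#          / quorum  ^ $ field start/end  = exact form  * wildcard  < strict order
# The backslash is included because a bare "\" would otherwise un-escape the
# character that follows it. (Assumed operator list; verify for your version.)
ANYWHERE_OPERATORS = %r{[\\()|!@~"/^$=*<]}

# "-" is NOT only when it begins a keyword. Assumption made here: a hyphen
# immediately preceded by a letter or digit (re-enter, C-3PO) is part of the
# word and never an operator. Check this against your Sphinx version.
LEADING_DASH = /(?<![[:alnum:]])-/

# Preferred: backslash-escape operators so Sphinx searches for them literally
# and the user's text survives intact.
def escape_extended(input)
  input.gsub(ANYWHERE_OPERATORS) { |op| "\\#{op}" }
       .gsub(LEADING_DASH) { "\\-" }
end

# Alternative in the spirit of the posted regex (replace operators with a
# space), but leaving intra-word hyphens alone.
def strip_extended(input)
  input.gsub(ANYWHERE_OPERATORS, " ")
       .gsub(LEADING_DASH, " ")
       .squeeze(" ")
       .strip
end

# The regex quoted in the thread, kept verbatim for comparison: it turns
# every "-" into a space, including the one inside C-3PO.
def strip_posted(input)
  input.gsub(/[-!()=~\/@*,|<\[\]$"^]/, " ")
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample inputs: an intra-word hyphen next to a NOT operator,
  # an attempt to restrict the search to one field, and a stray backslash.
  ['C-3PO -droid', '@title "secret" | foo', 'a\\b'].each do |raw|
    puts "raw:    #{raw}"
    puts "escape: #{escape_extended(raw)}"
    puts "strip:  #{strip_extended(raw)}"
    puts "posted: #{strip_posted(raw)}"
    puts
  end
end
```

Escaping keeps the user's words searchable while removing their ability to steer the query (field limits, NOT, phrase and proximity operators). Later Riddle releases ship an escape helper of their own (Riddle::Query.escape); if the version you run has one, prefer it over hand-rolled code, but check how it handles the hyphen case, since that is the behaviour the thread is about.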
