Also, this page has a list of special characters that you may want to escape:
http://lucene.apache.org/java/docs/queryparsersyntax.html

wunder

On 11/6/07 9:15 AM, "Walter Underwood" <[EMAIL PROTECTED]> wrote:

> Solr queries can't do updates, so passing on raw user queries is OK.
>
> Solr errors for bad query syntax are not pretty, so you will want to
> catch those and print a real error message.
>
> wunder
>
> On 11/6/07 8:52 AM, "Micah Wedemeyer" <[EMAIL PROTECTED]> wrote:
>
>> Are there any security risks to passing a query directly to Solr without
>> doing any sort of escaping? I am using URL encoding, so '&' and such
>> are being encoded into their %XX equivalents.
>>
>> Still, should I be doing anything else? Is there such a thing as a
>> Solr-injection attack?
>>
>> Thanks,
>> Micah
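An added example, not part of the original thread: escaping the special characters from the Lucene query parser syntax page before URL encoding, so user-typed text is parsed as literal terms and does not produce a syntax error. The function names and sample inputs are constructed for illustration, and the character set should be checked against the Lucene version in use.

```python
from urllib.parse import urlencode

# Special characters as listed on the Lucene query parser syntax page linked
# in the thread: + - && || ! ( ) { } [ ] ^ " ~ * ? : \
# & and | are escaped one at a time, which also covers && and ||.
# Assumption: re-check this set against the Lucene version you run.
LUCENE_SPECIAL = set('+-&|!(){}[]^"~*?:\\')


def escape_query_chars(text):
    """Backslash-escape query syntax so the parser reads text as literal terms.

    Not covered: the uppercase words AND, OR and NOT, which are operators.
    """
    return "".join("\\" + ch if ch in LUCENE_SPECIAL else ch for ch in text)


def build_select_query(user_text):
    """Return the URL query string for a search on user-typed text.

    Two separate layers: Lucene escaping protects the query syntax,
    URL encoding protects the HTTP request. One does not replace the other.
    """
    return urlencode({"q": escape_query_chars(user_text)})


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["C++ (draft", "what is 1:1?", "plain words"]:
        print(repr(sample), "->", build_select_query(sample))
```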