Thanks. That's what I wanted to know.

Micah

Walter Underwood wrote:
> Also, this page has a list of special characters that you may want
> to escape:
>
> http://lucene.apache.org/java/docs/queryparsersyntax.html
>
> wunder
>
> On 11/6/07 9:15 AM, "Walter Underwood" <[EMAIL PROTECTED]> wrote:
>
>> Solr queries can't do updates, so passing on raw user queries is OK.
>>
>> Solr errors for bad query syntax are not pretty, so you will want to
>> catch those and print a real error message.
>>
>> wunder
>>
>> On 11/6/07 8:52 AM, "Micah Wedemeyer" <[EMAIL PROTECTED]> wrote:
>>
>>> Are there any security risks to passing a query directly to Solr without
>>> doing any sort of escaping? I am using URL encoding, so '&' and such
>>> are being encoded into their %XX equivalents.
>>>
>>> Still, should I be doing anything else? Is there such a thing as a
>>> Solr-injection attack?
>>>
>>> Thanks,
>>> Micah
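
Added example, not part of the original thread: a Python sketch of the two suggestions above, escaping the query parser's special characters before URL encoding and replacing a Solr error response with a readable message. The names `escape_lucene`, `build_params`, `search` and `QuerySyntaxError`, the `base_url` value and the injectable `fetch` argument are assumptions of this example.

```python
import re
from urllib.error import HTTPError
from urllib.parse import urlencode
from urllib.request import urlopen

# Special characters from the Lucene query parser syntax page:
#   + - && || ! ( ) { } [ ] ^ " ~ * ? : \
# '&' and '|' are escaped one at a time; '/' is added because later
# Lucene versions use it to delimit regular-expression queries.
SPECIAL = re.compile(r'[+\-!(){}\[\]^"~*?:\\/&|]')


class QuerySyntaxError(Exception):
    """Raised in place of Solr's raw error page (hypothetical name)."""


def escape_lucene(text):
    """Backslash-escape query syntax so user text is matched literally.
    Upper-case AND/OR/NOT are left alone and still act as operators."""
    return SPECIAL.sub(r'\\\g<0>', text)


def build_params(user_text, escape=True):
    """URL-encode the q parameter; escape=False passes raw query syntax."""
    q = escape_lucene(user_text) if escape else user_text
    return urlencode({"q": q})


def search(base_url, user_text, escape=True, fetch=urlopen):
    """Query the select handler and turn an HTTP error into a clean message.
    base_url and the injectable fetch argument are assumptions of this example."""
    url = f"{base_url}/select?{build_params(user_text, escape)}"
    try:
        with fetch(url, timeout=5) as resp:
            return resp.read().decode("utf-8")
    except HTTPError as err:
        raise QuerySyntaxError(
            f"Sorry, that search could not be processed (HTTP {err.code})."
        ) from None
```
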