On 4/9/2014 8:39 AM, Philip Durbin wrote:
> Filtering out special characters sounds like a good idea, or possibly
> escaping some of them. I definitely want to avoid brittleness.
>
> Right now I'm passing the query relatively "as is" which means users
> can type "title:foo" to find documents that have "foo" in the "title"
> field. But a query for just a colon (":") throws an error
> (org.apache.solr.search.SyntaxError: Cannot parse ':') so obviously I
> need to do more processing of the query before I pass it to Solr. I
> need to escape that colon or something.
>
> Is there some general advice on doing some sanity checks or escaping
> special characters on user-supplied queries before you pass them to
> Solr? Is it documented in the wiki? I'm using Solrj but I imagine the
> advice applies to everyone.

SolrJ has the ClientUtils.escapeQueryChars method, which will
automatically escape any character that has special meaning to the query
parser. It does so by preceding it with a backslash.

http://lucene.apache.org/solr/4_7_1/solr-solrj/org/apache/solr/client/solrj/util/ClientUtils.html#escapeQueryChars%28java.lang.String%29

You do need to be careful with it, though. For a query formatted like
field:(value) you'd only want to apply it to the 'value' part, because
if you applied it to the whole query, the colon and parentheses would
become part of the query text -- probably not what you want.

Thanks,
Shawn
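
The approach described in the reply above, as an added example that is not part of the original message or of Solr's own code: the field name comes from a fixed allowlist and only the user-supplied value goes through ClientUtils.escapeQueryChars. The class name, the field list and the sample inputs are constructed for illustration, and splitting the value on whitespace (so that several words stay several terms instead of one term with escaped spaces) is a design choice of this example.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

import org.apache.solr.client.solrj.SolrQuery;
import org.apache.solr.client.solrj.util.ClientUtils;

public class SafeFieldQuery {
    // Hypothetical allowlist of searchable fields (not from the thread).
    private static final Set<String> ALLOWED_FIELDS =
            new HashSet<String>(Arrays.asList("title", "author", "description"));

    /** Builds field:(value), escaping only the user-supplied value. */
    static String fieldQuery(String field, String userInput) {
        // The field name is never taken from free text: it must be a known field.
        if (!ALLOWED_FIELDS.contains(field)) {
            throw new IllegalArgumentException("unknown field: " + field);
        }
        StringBuilder terms = new StringBuilder();
        String input = userInput == null ? "" : userInput.trim();
        // Escape token by token; escapeQueryChars also escapes whitespace,
        // which would otherwise glue a multi-word value into a single term.
        for (String token : input.split("\\s+")) {
            if (token.isEmpty()) {
                continue;
            }
            if (terms.length() > 0) {
                terms.append(' ');
            }
            terms.append(ClientUtils.escapeQueryChars(token));
        }
        if (terms.length() == 0) {
            throw new IllegalArgumentException("empty search value");
        }
        // The colon and parentheses written here stay query syntax.
        return field + ":(" + terms + ")";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including the lone colon from the question.
        String[] inputs = { "foo", ":", "a:b (c)", "C++ \"quoted\"" };
        for (String in : inputs) {
            SolrQuery q = new SolrQuery(fieldQuery("title", in));
            System.out.println(in + "  ->  " + q.getQuery());
        }
        // Escaping the whole query turns its own syntax into literal text.
        System.out.println(ClientUtils.escapeQueryChars("title:(foo)"));
    }
}
```

escapeQueryChars works character by character, so bare words such as AND, OR and NOT in the user's value still act as operators after escaping.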