Note that when I mentioned "filter these characters out" I had
something like PatternReplaceCharFilterFactory or LowerCaseTokenizer
in mind rather than you having to do it manually. Doesn't help
figuring out what to escape on the URL though.
Best,
Erick
On Wed, Apr 9, 2014 at 8:05 AM, Shawn Heisey <s...@elyograg.org> wrote:
> On 4/9/2014 8:39 AM, Philip Durbin wrote:
>> Filtering out special characters sounds like a good idea, or possibly
>> escaping some of them. I definitely want to avoid brittleness.
>>
>> Right now I'm passing the query relatively "as is" which means users
>> can type "title:foo" to find documents that have "foo" in the "title"
>> field. But a query for just a colon (":") throws an error
>> (org.apache.solr.search.SyntaxError: Cannot parse ':') so obviously I
>> need to do more processing of the query before I pass it to Solr. I
>> need to escape that colon or something.
>>
>> Is there some general advice on doing some sanity checks or escaping
>> special characters on user-supplied queries before you pass them to
>> Solr? Is it documented in the wiki? I'm using Solrj but I imagine the
>> advice applies to everyone.
>
> SolrJ has the ClientUtils.escapeQueryChars method, which will
> automatically escape any character that has special meaning to the query
> parser. It does so by preceding it with a backslash.
>
> http://lucene.apache.org/solr/4_7_1/solr-solrj/org/apache/solr/client/solrj/util/ClientUtils.html#escapeQueryChars%28java.lang.String%29
>
> You do need to be careful with it, though. For a query formatted like
> field:(value) you'd only want to apply it to the 'value' part, because
> if you applied it to the whole query, the colon and parentheses would
> become part of the query text -- probably not what you want.
>
> Thanks,
> Shawn
>
