Item13396: %DBQUERY% doesn't handle parentheses in single quotes properly

Priority: Normal
Current State: No Action Required
Released In: n/a
Target Release:
Applies To: Extension
Component: DBCachePlugin
Branches:
Reported By: ChrisHoefler
Waiting For:
Last Change By: MichaelDaum
The search syntax for %DBQUERY% uses parentheses, (), as special characters. When I try to query a formfield value that contains (), it doesn't return any search results.

Example, %DBQUERY{"Strain = 'BW25113'"}%

gives me 4 search results, whereas, %DBQUERY{"Strain = 'BL21Star(DE3)'"}%

gives none. When I escape the (), %DBQUERY{"Strain = 'BL21Star\(DE3\)'"}%

I get 6 search results (the correct number). I can only guess that this has something to do with the way the plugin is parsing the query string, but it seems to be ignoring the single quotes around the field value string.

-- ChrisHoefler - 06 May 2015

To specify a string value, you'd always have to use single quotes, even when the value is a regular expression. All operators use a regex match to compare values. So escaping the brackets is the right thing to do. I don't see an error here.

-- MichaelDaum - 06 May 2015

The problem is the value isn't a regular expression. It is a string that contains parentheses. I have this tied to an HTML form that the user submits to search topics for formfield values, so the right side of the search query is scraped from the URL params, ex: %DBQUERY{"lc(Strain) = lc('%URLPARAM{"strain"}%')"}%

For non-technical users, knowing when you need to escape certain types of characters (and having that change in different contexts) is a bit daunting, so ideally they just type their query and it does the search they asked it to do. Also, it seems like a string should be a string, not kind of a string. So if single-quotes are the string delimiters, all characters between the quotes should be treated as literals, not as (possible) control characters.

-- ChrisHoefler - 06 May 2015

Well, DBQUERY is not robust enough then to take arbitrary user strings. DBQUERY is more targeted at wiki app programming rather than creating search interfaces. Try SolrPlugin instead. Solr's query parser has put a lot of effort into balancing features vs robustness in their (e)dismax implementation. That's probably out of scope to reproduce in DBCacheContrib/Plugin.

-- MichaelDaum - 07 May 2015

Reading the DBCachePlugin docs again, I see that the use of regex by both = and =~ is described. I was assuming = was supposed to evaluate to something like "if ($formfield eq 'string' )", but that is not the case. I will look into SolrPlugin, thanks.

-- ChrisHoefler - 07 May 2015

Yes, I'd share your concerns and expectations. Alas, the underlying search engine was written differently a long time ago.

-- MichaelDaum - 07 May 2015
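
The behaviour discussed in this thread, as an added example that is not part of the original discussion and is not DBCachePlugin code: when a value is compared by regex match, form input has to be escaped before it is treated as a literal. The `%topics` data and the `regex_compare`, `search` and `literal_value` helpers are hypothetical, and the unanchored, case-sensitive match is an assumption about the comparison.

```perl
#!/usr/bin/perl
# Added example; not DBCachePlugin code. All names and data are hypothetical.
use strict;
use warnings;

# Constructed sample data: topic name => "Strain" formfield value.
my %topics = (
    StrainA => 'BL21Star(DE3)',
    StrainB => 'BL21StarDE3',
    StrainC => 'BW25113',
);

# Model of a comparison that treats its right-hand side as a regex.
# Assumption: unanchored, case-sensitive match.
sub regex_compare {
    my ($field, $value) = @_;
    my $re = eval { qr/$value/ };
    return 0 unless defined $re;    # value is not a valid regex
    return $field =~ $re ? 1 : 0;
}

# Names of all topics whose Strain field matches $value.
sub search {
    my ($value) = @_;
    my @hits = grep { regex_compare($topics{$_}, $value) } keys %topics;
    return sort @hits;
}

# Escape every regex metacharacter so the value only matches itself.
sub literal_value {
    my ($input) = @_;
    return quotemeta($input);
}

# Constructed user inputs, as they might arrive from a search form.
for my $input ('BW25113', 'BL21Star(DE3)', 'BL21Star(', 'B.2') {
    my @raw     = search($input);
    my @escaped = search(literal_value($input));
    printf "%-15s raw: %-25s escaped (%s): %s\n",
        $input,
        (join(',', @raw) || '-'),
        literal_value($input),
        (join(',', @escaped) || '-');
}
```

`quotemeta` turns `BL21Star(DE3)` into `BL21Star\(DE3\)`, the same form that was escaped by hand in the report. The `eval` around `qr//` keeps an unbalanced `(` from aborting the search.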
 

Codebase 1.1.9
Topic revision: r6 - 07 May 2015, MichaelDaum