Item13396: %DBQUERY% doesn't handle parentheses in single quotes properly
Priority: Normal
Current State: No Action Required
Released In: n/a
Target Release:
The search syntax for %DBQUERY% uses parentheses, (), as special characters. When I try to query a formfield value that contains (), it doesn't return any search results.
Example,
%DBQUERY{"Strain = 'BW25113'"}%
gives me 4 search results, whereas,
%DBQUERY{"Strain = 'BL21Star(DE3)'"}%
gives none. When I escape the (),
%DBQUERY{"Strain = 'BL21Star\(DE3\)'"}%
I get 6 search results (the correct number). I can only guess that this has something to do with the way the plugin is parsing the query string, but it seems to be ignoring the single quotes around the field value string.
--
ChrisHoefler - 06 May 2015
To specify a string value, you'd always have to use single quotes, even when the value is a regular expression. All operators use a regex match to compare values. So escaping the brackets is the right thing to do. I don't see an error here.
--
MichaelDaum - 06 May 2015
The problem is the value isn't a regular expression. It is a string that contains parentheses. I have this tied to an html form that the user submits to search topics for formfield values, so the right side of the search query is scraped from the url params, ex: %DBQUERY{"lc(Strain) = lc('%URLPARAM{"strain"}%')"}%
For non-technical users, knowing when you need to escape certain types of characters (and having that change in different contexts) is a bit daunting, so ideally they just type their query and it does the search they asked it to do. Also, it seems like a string should be a string, not kind of a string. So if single quotes are the string delimiters, all characters between the quotes should be treated as literals, not as (possible) control characters.
--
ChrisHoefler - 06 May 2015
Well DBQUERY is not robust enough then to take arbitrary user strings. DBQUERY is more targeted at wiki app programming rather than creating search interfaces. Try SolrPlugin instead. Solr's query parser has put a lot of effort to balance features vs robustness in their (e)dismax implementation. That's probably out of scope to reproduce in DBCacheContrib/Plugin.
--
MichaelDaum - 07 May 2015
Reading the DBCachePlugin docs again, I see that the use of regex by both = and =~ is described. I was assuming = was supposed to evaluate to something like "if ($formfield eq 'string' )", but that is not the case. I will look into SolrPlugin, thanks.
--
ChrisHoefler - 07 May 2015
Yes, I'd share your concerns and expectations. Alas, the underlying search engine was written differently a long time ago.
--
MichaelDaum - 07 May 2015
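
The behaviour discussed in this thread, as an added example that is not code from the thread or from DBCachePlugin: a user-supplied value compared by regex match versus the same value passed through Perl's `quotemeta` first. `regex_equals` is an assumed model of the `=` operator (whole-value regex match), and the strain list is constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample field values; not data from the original report.
my @strains = ('BW25113', 'BL21Star(DE3)', 'BL21StarDE3', 'BL21(DE3)pLysS');

# Assumed model of the "=" operator: the right-hand side is compiled as a
# regular expression and must match the whole field value.
sub regex_equals {
    my ($field, $pattern) = @_;
    my $re = eval { qr/\A(?:$pattern)\z/ };
    return 0 unless defined $re;    # an invalid pattern matches nothing
    return $field =~ $re ? 1 : 0;
}

# Turn user input into a pattern that matches only that exact text, so
# parentheses, dots and other metacharacters lose their regex meaning.
sub literal_pattern {
    my ($input) = @_;
    return quotemeta($input);
}

# Number of sample values the given pattern selects.
sub count_matches {
    my ($pattern) = @_;
    return scalar grep { regex_equals($_, $pattern) } @strains;
}

# Inputs as a search form might receive them: a plain value, a value with
# parentheses, a wildcard, and an unbalanced parenthesis.
for my $input ('BW25113', 'BL21Star(DE3)', '.*', 'BL21(') {
    printf "%-16s raw=%d escaped=%d\n", $input,
        count_matches($input), count_matches(literal_pattern($input));
}
```

Used raw, the parenthesised value selects the record without parentheses and `.*` selects every record; after `quotemeta` each input can only select a field that equals it character for character.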