如何在 N1QL 中以相同的方式搜索字符串和整数?
How can I search for strings and integers in the same way in N1QL?
所以我有这个 PHP 函数:
public static function findByPageAndFieldContains($recordsPerPage, $page, $field, $searchterm) {
$query = CouchbaseN1qlQuery::fromString('SELECT * FROM `public_portal` WHERE `collection`=$collection AND `'.$field.'` LIKE "%'.$searchterm.'%" ORDER BY `_id` limit $limit offset $offset');
$query->options['$collection'] = static::COLLECTION_NAME;
//$query->options['$field'] = $field;
$query->options['$limit'] = $recordsPerPage;
$query->options['$offset'] = $recordsPerPage*($page-1);
//$query->options['$searchterm'] = $searchterm;
$result = DB::getDB()->query($query);
//var_dump($query);
//var_dump($result);
$objects = array();
foreach($result as $row) {
$object = new static($row->{"public_portal"});
$object->setId($row->{"public_portal"}->{"_id"});
$objects[] = $object;
}
//var_dump($objects);
return $objects;
}
此查询容易受到 n1ql 注入攻击。我知道。为什么?当我使用占位符(现在评论)时,它没有给我任何结果。如果我无法解决问题,我会 post 第二个问题。
这里想问的问题是:
当用户搜索文档时,此功能成功找到文档。但是当一个字段是一个整数时,不会给出任何结果。我试图用“=”替换 LIKE 并删除引号和 %。然后用户可以成功地在整数字段中搜索数字。但是用户不能再搜索字符串字段了。
有什么想法吗?
我明白了。
我刚刚在 n1ql 语句中添加了一个 TOSTRING(),它现在适用于字符串和整数。
public static function findByPageAndFieldContains($recordsPerPage, $page, $field, $searchterm) {
$query = CouchbaseN1qlQuery::fromString('SELECT * FROM `public_portal` WHERE `collection`=$collection AND TOSTRING('.$field.') LIKE "%'.$searchterm.'%" ORDER BY `_id` limit $limit offset $offset');
$query->options['$collection'] = static::COLLECTION_NAME;
//$query->options['$field'] = $field;
$query->options['$limit'] = $recordsPerPage;
$query->options['$offset'] = $recordsPerPage*($page-1);
//$query->options['$searchterm'] = $searchterm;
$result = DB::getDB()->query($query);
//var_dump($query);
//var_dump($result);
$objects = array();
foreach($result as $row) {
$object = new static($row->{"public_portal"});
$object->setId($row->{"public_portal"}->{"_id"});
$objects[] = $object;
}
//var_dump($objects);
return $objects;
return $result;
}
所以我有这个 PHP 函数:
public static function findByPageAndFieldContains($recordsPerPage, $page, $field, $searchterm) {
$query = CouchbaseN1qlQuery::fromString('SELECT * FROM `public_portal` WHERE `collection`=$collection AND `'.$field.'` LIKE "%'.$searchterm.'%" ORDER BY `_id` limit $limit offset $offset');
$query->options['$collection'] = static::COLLECTION_NAME;
//$query->options['$field'] = $field;
$query->options['$limit'] = $recordsPerPage;
$query->options['$offset'] = $recordsPerPage*($page-1);
//$query->options['$searchterm'] = $searchterm;
$result = DB::getDB()->query($query);
//var_dump($query);
//var_dump($result);
$objects = array();
foreach($result as $row) {
$object = new static($row->{"public_portal"});
$object->setId($row->{"public_portal"}->{"_id"});
$objects[] = $object;
}
//var_dump($objects);
return $objects;
}
此查询容易受到 n1ql 注入攻击。我知道。为什么?当我使用占位符(现在评论)时,它没有给我任何结果。如果我无法解决问题,我会 post 第二个问题。
这里想问的问题是: 当用户搜索文档时,此功能成功找到文档。但是当一个字段是一个整数时,不会给出任何结果。我试图用“=”替换 LIKE 并删除引号和 %。然后用户可以成功地在整数字段中搜索数字。但是用户不能再搜索字符串字段了。 有什么想法吗?
我明白了。 我刚刚在 n1ql 语句中添加了一个 TOSTRING(),它现在适用于字符串和整数。
public static function findByPageAndFieldContains($recordsPerPage, $page, $field, $searchterm) {
$query = CouchbaseN1qlQuery::fromString('SELECT * FROM `public_portal` WHERE `collection`=$collection AND TOSTRING('.$field.') LIKE "%'.$searchterm.'%" ORDER BY `_id` limit $limit offset $offset');
$query->options['$collection'] = static::COLLECTION_NAME;
//$query->options['$field'] = $field;
$query->options['$limit'] = $recordsPerPage;
$query->options['$offset'] = $recordsPerPage*($page-1);
//$query->options['$searchterm'] = $searchterm;
$result = DB::getDB()->query($query);
//var_dump($query);
//var_dump($result);
$objects = array();
foreach($result as $row) {
$object = new static($row->{"public_portal"});
$object->setId($row->{"public_portal"}->{"_id"});
$objects[] = $object;
}
//var_dump($objects);
return $objects;
return $result;
}