MySql seems to be robust with respect to unbackslashed apostrophe ' characters. According to the SQL standard, you quote apostrophe characters by doubling them up - I don't have the mysql documentation handy to know whether backslashing should work. I haven't added an entry to check that searching for something like "It's isn't" would find anything. (This is testing with the librarian interface - assuming that the public interface is the same). The searches don't seem to guard the input string except to require it to be non-blank. This means that searches like "%" or "_" as SQL wildcards will select all rows and single letter searches would select all rows on which a searched column contains a word beginning with that letter. Similar single common words "the", .... could give large result sets. This could be slow and expensive on large databases. On the sample database, when the list of results wouldn't fit on one page, moving to the next pageful with the right-arrow worked fine - but trying to jump to a particular page using the numbers gave a nothing found page. (I'm running on Debian so this could be associated with MySQL version if it isn't repeatable).
On Thu, Sep 12, 2002 at 01:41:25PM +1000, rbrown64@csc.com.au said:
MySql seems to be robust with respect to unbackslashed apostrophe ' characters. According to the SQL standard, you quote apostrophe characters by doubling them up - I don't have the mysql documentation handy to know whether backslashing should work. I haven't added an entry to check that searching for something like "It's isn't" would find anything.
Hi there Searching for it's on hlt.katipo.co.nz (the demo site) returns results. But you are right ' are being handled wrongly in some places. We are working through fixing the code to use either the DBI quote routine, or using ? wildcards to get the DBD code to escape characters for us. Eg $title=$dbh->quote($title); $query="Select * from biblio where title = $title"; or $query="Select * from biblio where title = ?"; $sth=$dbh->prepare($query); $sth->execute($title); I prefer the second method, but sometimes when you are building complex queries using if statements you need to use the quote method.
(This is testing with the librarian interface - assuming that the public interface is the same). The searches don't seem to guard the input string except to require it to be non-blank. This means that searches like "%" or "_" as SQL wildcards will select all rows and single letter searches would select all rows on which a searched column contains a word beginning with that letter. Similar single common words "the", .... could give large result sets. This could be slow and expensive on large databases.
Yep single letter searches and _ return large result sets, % is trapped in search.pl and is not passed through to Search.pm. Ill fix the other 2 now. There is a stopwords table which we need to turn on again. Which will strip the common words
On the sample database, when the list of results wouldn't fit on one page, moving to the next pageful with the right-arrow worked fine - but trying to jump to a particular page using the numbers gave a nothing found page. (I'm running on Debian so this could be associated with MySQL version if it isn't repeatable).
No errors in the error_log ? Chris -- Chris Cormack Programmer 025 500 789 Katipo Communications Ltd chris@katipo.co.nz www.katipo.co.nz
On Thu, 12 Sep 2002, Chris Cormack wrote:
On the sample database, when the list of results wouldn't fit on one page, moving to the next pageful with the right-arrow worked fine - but trying to jump to a particular page using the numbers gave a nothing found page. (I'm running on Debian so this could be associated with MySQL version if it isn't repeatable).
No errors in the error_log ?
This is a known problem with the template. It's fixed in CVS now. Steve.
Yep single letter searches and _ return large result sets, % is trapped in search.pl and is not passed through to Search.pm. Ill fix the other 2 now. There is a stopwords table which we need to turn on again. Which will strip the common words
Would it be possible to speed things up here without so many special cases by using LIMIT or cursors with ORDER BY, to only ask the database for some of the possible results? - Daniel Holth
On Thu, Sep 12, 2002 at 01:41:25PM +1000, rbrown64@csc.com.au said:
MySql seems to be robust with respect to unbackslashed apostrophe ' characters. According to the SQL standard, you quote apostrophe characters by doubling them up - I don't have the mysql documentation handy to know whether backslashing should work. I haven't added an entry to check that searching for something like "It's isn't" would find anything.
Sorry, further to my last reply. The Search.pm module hasnt gotten a lot of love lately, thats mostly because it works, and that its going to need a complete overhaul when 1.3 comes along. But Ill go through and fix up these glitches now for the 1.2 tree. Thanks for spotting them Chris -- Chris Cormack Programmer 025 500 789 Katipo Communications Ltd chris@katipo.co.nz www.katipo.co.nz
participants (4)
-
Chris Cormack -
Daniel Holth -
rbrown64@csc.com.au -
Tonnesen Steve