[Koha-devel] RC11 searching, more comments.

Chris Cormack chris at katipo.co.nz
Wed Sep 11 21:09:03 CEST 2002


On Thu, Sep 12, 2002 at 01:41:25PM +1000, rbrown64 at csc.com.au said:
> MySQL seems to be robust with respect to unbackslashed apostrophe ' characters.
> According to the SQL standard, you quote apostrophe characters by doubling them up
> - I don't have the MySQL documentation handy to know whether backslashing should work.
> I haven't added an entry to check that searching for something like "It's isn't" would find anything.
> 
Hi there

Searching for it's on hlt.katipo.co.nz (the demo site) returns results.
But you are right, ' are being handled wrongly in some places. We are working
through fixing the code to use either the DBI quote routine, or using ?
wildcards to get the DBD code to escape characters for us.

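Eg
    # quote() escapes the value and adds the surrounding quotes
    $title=$dbh->quote($title);
    $query="Select * from biblio where title = $title";

or
    # placeholder: the DBD driver escapes the bound value
    $query="Select * from biblio where title = ?";
    $sth=$dbh->prepare($query);
    $sth->execute($title);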

I prefer the second method, but sometimes when you are building complex
queries using if statements you need to use the quote method.

> (This is testing with the librarian interface - assuming that the public interface is the same).
> The searches don't seem to guard the input string except to require it to be non-blank.
> This means that searches like "%" or "_" as SQL wildcards will select all rows and single letter searches would select all rows on which a searched column contains a word beginning with that letter. Similar single common words "the", .... could give large result sets.
> This could be slow and expensive on large databases.

Yep, single letter searches and _ return large result sets; % is trapped in
search.pl and is not passed through to Search.pm. I'll fix the other 2 now.
There is a stopwords table which we need to turn on again, which will strip
the common words.
> 
> On the sample database, when the list of results wouldn't fit on one page, moving to the next pageful with the right-arrow worked fine - but trying to jump to a particular page using the numbers gave a nothing found page.
> (I'm running on Debian so this could be associated with MySQL version if it isn't repeatable).
> 
No errors in the error_log?

Chris
-- 
Chris Cormack                                                     Programmer
025 500 789                                        Katipo Communications Ltd
chris at katipo.co.nz                                          www.katipo.co.nz
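
Added example, not part of the original message or of Koha's code: the placeholder style applied to a search assembled with if statements, keeping a parallel list of bind values, with % and _ in the user's term escaped so they match literally. Assumptions: an in-memory SQLite database via DBD::SQLite stands in for MySQL, the author column, the helper names and the sample rows are constructed, and '!' is chosen as the LIKE escape character.

```perl
#!/usr/bin/perl
# Added example: conditional query building with placeholders and LIKE escaping.
# The schema, helper names and sample rows are constructed for illustration.
use strict;
use warnings;
use DBI;

# Escape LIKE metacharacters (and the escape character itself) so the
# user's term is matched literally instead of acting as a wildcard.
sub like_literal {
    my ($term) = @_;
    $term =~ s/([!%_])/!$1/g;
    return $term;
}

# Build the WHERE clause piece by piece; every value goes into @bind,
# never into the SQL text, so apostrophes need no manual quoting.
sub build_search {
    my (%arg) = @_;
    my (@where, @bind);
    if (defined $arg{title} && $arg{title} =~ /\S/) {
        push @where, q{title LIKE ? ESCAPE '!'};
        push @bind, '%' . like_literal($arg{title}) . '%';
    }
    if (defined $arg{author} && $arg{author} =~ /\S/) {
        push @where, q{author LIKE ? ESCAPE '!'};
        push @bind, like_literal($arg{author}) . '%';
    }
    die "no usable search term\n" unless @where;
    my $sql = 'SELECT title, author FROM biblio WHERE ' . join(' AND ', @where);
    return ($sql, @bind);
}

# Constructed sample data in an in-memory database (assumption: DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE biblio (title TEXT, author TEXT)');
my $ins = $dbh->prepare('INSERT INTO biblio (title, author) VALUES (?, ?)');
$ins->execute(@$_)
    for (["It's a Long Way", 'Smith'], ['100% Wool', 'Jones'], ['Plain Title', 'Smith']);

# An apostrophe, a bare % and a bare _ as search terms.
for my $term ("It's", '%', '_') {
    my ($sql, @bind) = build_search(title => $term);
    my $rows = $dbh->selectall_arrayref($sql, undef, @bind);
    printf "%-5s matched %d row(s)\n", $term, scalar @$rows;
}
```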



