问题
in the sphinx changelog it says for 0.9.8:
"added query escaping support to query language, and EscapeString() API call"
can i assume, that there should be support for escaping special sphinx characters (@, !, -, ...) for sphinxQL, too? if so, maybe someone could point me to an example on this. i'm unable to find anything about it in the documentation or elsewhere on the net.
how do you do fulltext search (using spinxQL), if the search-phrase contains one of the special characters? i don't like the idea very much to "mask" them during indexing.
thanks!
回答1:
There are corresponding functions EscapeString in each API ( php/python/java/ruby ) but to make escaping work with SphinxQL you have to write something similar in your application as SphinxQL hasn't such function.
The function itself is onliner
def EscapeString(self, string):
return re.sub(r"([=\(\)|\-!@~\"&/\\\^\$\=])", r"\\\1", string)
you could easy translate it to code of your application.
回答2:
The PHP version of the sphinxapi escape function did not work for me in tests. Also, it provides no protection against SQL-injection sorts of characters (e.g. single quote).
I needed this function:
function EscapeSphinxQL ( $string )
{
$from = array ( '\\', '(',')','|','-','!','@','~','"','&', '/', '^', '$', '=', "'", "\x00", "\n", "\r", "\x1a" );
$to = array ( '\\\\', '\\\(','\\\)','\\\|','\\\-','\\\!','\\\@','\\\~','\\\"', '\\\&', '\\\/', '\\\^', '\\\$', '\\\=', "\\'", "\\x00", "\\n", "\\r", "\\x1a" );
return str_replace ( $from, $to, $string );
}
Note the extra backslashes on the Sphinx-specific characters. I think what happens is that they put your whole query through an SQL parser, which removes escape backslashes 'extraneous' for SQL purposes (i.e. '\&' -> '&'). Then, it puts the MATCH clause through the fulltext parser, and suddenly '&' is a special character. So, you need the extra backslashes in the beginning.
来源:https://stackoverflow.com/questions/6275042/how-to-escape-special-characters-in-sphinxql-fulltext-search