SphinxSE 中的转义特殊字符
我使用 sphinx 存储引擎实现在我的网站上进行搜索,效果相当好,但是当搜索包含诸如 & 之类的字符时,效果相当好。和@,搜索失败并出现以下错误:
There was a problem processing the query on the foreign data source. Data source error: search query already specified
并且 php 抛出此错误:
Warning: mysql_query() [function.mysql-query]: Unable to save result set in /home/path/to/file.php on line 100
我使用 mysql_real_escape_string 转义用户的输入
有趣的是,如果我复制查询并直接在 phpmyadmin 中运行它,我不会收到任何错误。
query = '@title("cheese & cake");limit=1000filter=type=1;ranker=sph04;mode=extended;sort=extended:@weight desc;'
Im using sphinx storage engine implementation for searching on my site, which works fairly well, however when a search includes characters such as & and @, the search fails with the following error:
There was a problem processing the query on the foreign data source. Data source error: search query already specified
and php throws this error:
Warning: mysql_query() [function.mysql-query]: Unable to save result set in /home/path/to/file.php on line 100
Im escaping the user's input with mysql_real_escape_string
Whats interesting is if I copy the query and run it in phpmyadmin directly, I get no errors.
query = '@title("cheese & cake");limit=1000filter=type=1;ranker=sph04;mode=extended;sort=extended:@weight desc;'
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Sphinxql 中的字符转义是一个棘手的主题...我不确定它是否已完全正式解决。 mysql_real_escape_string 不会处理特殊的 Sphinx 查询字符。
他们确实在 sphinxapi.php 中提供了转义函数:
请注意,这不会专门处理 SQL 转义字符(例如,没有单引号替换)。事实上,我测试过它,它甚至不适用于狮身人面像角色。
您需要此函数:
请注意 Sphinx 特定字符上的额外反斜杠。我认为发生的情况是,他们将整个查询通过 SQL 解析器,该解析器删除了用于 SQL 目的的“无关”转义反斜杠(即“\&”->“&”)。然后,它将 MATCH 子句放入全文解析器,然后突然出现“&”是一个特殊字符。因此,您需要在开头添加额外的反斜杠。
, '\\\=', "\\'", "\\x00", "\\n", "\\r", "\\x1a" ); return str_replace ( $from, $to, $string ); }请注意 Sphinx 特定字符上的额外反斜杠。我认为发生的情况是,他们将整个查询通过 SQL 解析器,该解析器删除了用于 SQL 目的的“无关”转义反斜杠(即“\&”->“&”)。然后,它将 MATCH 子句放入全文解析器,然后突然出现“&”是一个特殊字符。因此,您需要在开头添加额外的反斜杠。
, '=' ); $to = array ( '\\\\', '\(','\)','\|','\-','\!','\@','\~','\"', '\&', '\/', '\^', '\请注意,这不会专门处理 SQL 转义字符(例如,没有单引号替换)。事实上,我测试过它,它甚至不适用于狮身人面像角色。
您需要此函数:
请注意 Sphinx 特定字符上的额外反斜杠。我认为发生的情况是,他们将整个查询通过 SQL 解析器,该解析器删除了用于 SQL 目的的“无关”转义反斜杠(即“\&”->“&”)。然后,它将 MATCH 子句放入全文解析器,然后突然出现“&”是一个特殊字符。因此,您需要在开头添加额外的反斜杠。
, '\=' ); return str_replace ( $from, $to, $string ); }请注意,这不会专门处理 SQL 转义字符(例如,没有单引号替换)。事实上,我测试过它,它甚至不适用于狮身人面像角色。
您需要此函数:
请注意 Sphinx 特定字符上的额外反斜杠。我认为发生的情况是,他们将整个查询通过 SQL 解析器,该解析器删除了用于 SQL 目的的“无关”转义反斜杠(即“\&”->“&”)。然后,它将 MATCH 子句放入全文解析器,然后突然出现“&”是一个特殊字符。因此,您需要在开头添加额外的反斜杠。
Character escaping in Sphinxql is a tricky subject... I'm not sure if it is fully officially resolved. mysql_real_escape_string won't handle the special Sphinx query characters.
They do provide an escape function in sphinxapi.php:
Note that this won't specifically handle the SQL escape characters (for example, no single quote replacement). Actually, I tested it, and it doesn't even work just for Sphinx characters.
You need this function:
Note the extra backslashes on the Sphinx-specific characters. I think what happens is that they put your whole query through an SQL parser, which removes escape backslashes 'extraneous' for SQL purposes (i.e. '\&' -> '&'). Then, it puts the MATCH clause through the fulltext parser, and suddenly '&' is a special character. So, you need the extra backslashes in the beginning.
, '\\\=', "\\'", "\\x00", "\\n", "\\r", "\\x1a" ); return str_replace ( $from, $to, $string ); }Note the extra backslashes on the Sphinx-specific characters. I think what happens is that they put your whole query through an SQL parser, which removes escape backslashes 'extraneous' for SQL purposes (i.e. '\&' -> '&'). Then, it puts the MATCH clause through the fulltext parser, and suddenly '&' is a special character. So, you need the extra backslashes in the beginning.
, '=' ); $to = array ( '\\\\', '\(','\)','\|','\-','\!','\@','\~','\"', '\&', '\/', '\^', '\Note that this won't specifically handle the SQL escape characters (for example, no single quote replacement). Actually, I tested it, and it doesn't even work just for Sphinx characters.
You need this function:
Note the extra backslashes on the Sphinx-specific characters. I think what happens is that they put your whole query through an SQL parser, which removes escape backslashes 'extraneous' for SQL purposes (i.e. '\&' -> '&'). Then, it puts the MATCH clause through the fulltext parser, and suddenly '&' is a special character. So, you need the extra backslashes in the beginning.
, '\=' ); return str_replace ( $from, $to, $string ); }Note that this won't specifically handle the SQL escape characters (for example, no single quote replacement). Actually, I tested it, and it doesn't even work just for Sphinx characters.
You need this function:
Note the extra backslashes on the Sphinx-specific characters. I think what happens is that they put your whole query through an SQL parser, which removes escape backslashes 'extraneous' for SQL purposes (i.e. '\&' -> '&'). Then, it puts the MATCH clause through the fulltext parser, and suddenly '&' is a special character. So, you need the extra backslashes in the beginning.