Escaping Method for filter Expressions #21

@staabm

We built filter expressions like:

        $searchParams = [
            'returnProperties' => true,
            'filter' => '(
                           (\'adaid\' == '.(int) $user->adaid.') AND
                           ( \'active\') 
                        )',
        ];

        $result = $this->client->send(new SearchItems($userid, $searchQuery, self::COUNT_SEARCH_ITEMS, $searchParams));

For this case we need to escape user input so we can use it in the filter query.
Atm this is easy because we just have this int here. But imagine we would have to pass in a string value. How should this value be escaped for the filter expression?

IMO the SDK should provide an escaping method, so we can use whatever variable inside the expression without security risks.
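
Until an escaping method exists, one defensive option is to reject unsafe values instead of escaping them. The sketch below is an added example, not part of the issue or of the SDK: `buildFilter()` and `filterLiteral()` are hypothetical helpers, the `category` property is made up, and it assumes string literals in the filter language are written in double quotes.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of the SDK): fills each "?" in a
 * developer-written filter template with a validated literal.
 */
function buildFilter(string $template, array $values): string
{
    $parts = explode('?', $template);
    if (count($parts) - 1 !== count($values)) {
        throw new InvalidArgumentException('placeholder/value count mismatch');
    }
    $out = array_shift($parts);
    foreach (array_values($values) as $i => $value) {
        $out .= filterLiteral($value) . $parts[$i];
    }
    return $out;
}

/** Turns one value into a literal, or throws if it is not on the allowlist. */
function filterLiteral($value): string
{
    if (is_int($value)) {
        return (string) $value;
    }
    // Allowlist: letters, digits, space, "_", ".", "-" (1 to 64 characters).
    // Quotes, backslashes and parentheses never match, so the value cannot
    // end the literal early. Invalid UTF-8 makes preg_match() return false.
    if (is_string($value) && preg_match('/\A[\p{L}\p{N} _.\-]{1,64}\z/u', $value) === 1) {
        return '"' . $value . '"'; // ASSUMPTION: double-quoted string literals
    }
    throw new InvalidArgumentException('value not allowed in filter expression');
}

// Constructed sample values standing in for user input.
$filter = buildFilter(
    "('adaid' == ?) AND ('category' == ?) AND ('active')",
    [42, 'garden-tools']
);
echo $filter, PHP_EOL;

try {
    // A value containing quote characters is refused, not escaped.
    buildFilter("('category' == ?)", ['x" OR "1" == "1']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The allowlist is deliberately narrow; widen the character class only for characters known to have no meaning inside a string literal of the filter language.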
