On Wed, Apr 20, 2005 at 11:28:28AM -0400, David Gagnon wrote: > > I have a web interface with offers a search field. This search field > will look for the string X in 12 different columns. If the string is > found anywhere I return the row. > > The problem is that the user is eable to put spacial character like : [* > This create invalid regular expression and make my sql crash. > ICNUM~* #descriptionOrKeyword# > > Is there a way to disable all meta-character. Why are you doing a regular expression search if you don't want to allow regular expressions? > I found this in the manual .. but haven't found example :-(: > : ....with ***=, the rest of the RE is taken to be a literal string, > with all characters considered ordinary characters. Read again the entire sentence, especially the first few words: If an RE begins with ***=, the rest of the RE is taken to be a literal string, with all characters considered ordinary characters. Here are some examples: SELECT 'test string' ~ 'test[*'; ERROR: invalid regular expression: brackets [] not balanced SELECT 'test string' ~ '***=test[*'; ?column? ---------- f (1 row) SELECT 'test[* string' ~ '***=test[*'; ?column? ---------- t (1 row) -- Michael Fuhr http://www.fuhr.org/~mfuhr/ ---------------------------(end of broadcast)--------------------------- TIP 4: Don't 'kill -9' the postmaster
