MySQL has all these nice full-text boolean search functions that I would like to use to allow users of my site to enter a boolean search of the kind:
'underwater base' and ('doctor octopus' or 'super monkey')
I figure someone must have gone before me in figuring out a way to check the syntax of a boolean search.
And because this is allowing users to create a string which will be included in an SQL statement, it's opening the door a little wider than normal to an SQL injection attack.
I don't just want to ban people from searching on the words 'select', 'delete' and 'insert'. Does anyone have a more sophisticated approach to dealing with this?
Can anyone point me in the right direction?
cheers
mathew
mysql full text search, valid boolean + sql injection attack
-
compound_eye
- Forum Newbie
- Posts: 15
- Joined: Wed Mar 17, 2004 8:42 pm
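
One way to approach what the post asks for, as an added example that is not part of the original thread: parse the input with a small grammar (words, quoted phrases, `and`/`or`, parentheses), reject everything else, and emit a MySQL boolean-mode expression that is passed as a bound parameter. The table and column names in `SEARCH_SQL`, the function names, and the choice that `and` binds tighter than `or` are assumptions.

```python
import re

# Hypothetical table and columns. The expression is bound, never concatenated.
SEARCH_SQL = "SELECT id FROM articles WHERE MATCH(title, body) AGAINST (%s IN BOOLEAN MODE)"
TOKEN = re.compile(r"""\s*(?:'(\w+(?: \w+)*)'|"(\w+(?: \w+)*)"|([()])|(\w+))""")

def tokenize(text):
    pos, out, text = 0, [], text.rstrip()
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:  # anything that is not a word, phrase, and/or or parenthesis
            raise ValueError(f"invalid search syntax at offset {pos}")
        q1, q2, paren, word = m.groups()
        if paren or (word and word.lower() in ("and", "or")):
            out.append((paren or word).lower())  # structural token
        else:
            out.append(f'"{q1 or q2 or word}"')  # term: words only, re-quoted here
        pos = m.end()
    return out

def to_boolean_mode(text):
    toks, i = tokenize(text), 0
    peek = lambda: toks[i] if i < len(toks) else None
    def chain(sub, op, render):  # grammar rule: sub (op sub)*
        nonlocal i
        parts = [sub()]
        while peek() == op:
            i += 1
            parts.append(sub())
        return parts[0] if len(parts) == 1 else " ".join(map(render, parts))
    def atom():
        nonlocal i
        tok = peek()
        i += 1
        if tok and tok[0] == '"':
            return tok
        if tok != "(":
            raise ValueError("expected a term or '('")
        inner = expr()
        if peek() != ")":
            raise ValueError("missing ')'")
        i += 1
        return f"({inner})"
    and_expr = lambda: chain(atom, "and", lambda x: "+" + x)  # AND: operands required
    expr = lambda: chain(and_expr, "or", lambda x: f"({x})" if x[0] == "+" else x)
    result = expr()
    if i != len(toks):
        raise ValueError("unexpected token after expression")
    return result
```

With a DB-API driver that uses `%s` placeholders, the call is `cursor.execute(SEARCH_SQL, (to_boolean_mode(user_input),))`, and a `ValueError` becomes the syntax error shown to the user.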