Tweaking my search functionality
I have tested search functionality i have implemented on a live website. I came across some small issues. I can't put special characters in the search box or my application will crash. I tried to solve this using some replaces on the characters it crashes on, but this won't cure the pain. When i entered this sign: * into the searchbox it gave me the following error:
Cannot parse '<%%> echo;': '' or '?' not allowed as first character in WildcardQuery. I have had this error before and then stripped the spaces between all words. The error was then gone. However when i now replace this开发者_如何学C: * with this: "" i will get the error described above. Is there any standard way i can solve the special character issue with? I'll write down some of my code here, so i can get better feedback.
Analyzer analyzer = new StandardAnalyzer();
QueryParser qpContent = new QueryParser(Index.ContentFieldName, analyzer);
keyword.Trim();
keyword = keyword.Replace("\"", "");
keyword = keyword.Replace("^", "");
keyword = keyword.Replace("*", "");
Query queryContent = qpContent.Parse(keyword + "*");
QueryParser qpLanguage = new QueryParser("language", analyzer);
Query queryLanguage = qpLanguage.Parse(Sitecore.Context.Language.Name.ToString());
As you see i first replace * and then later on add it back in the queryparser. I'm not 100% familiar with this kind of functionality and therefore have no clue at all what i'm doing wrong. All help is much appreciated, thanks!
you may have the ValidateRequest option set in your config, this helps to protect against Injection Attacks in asp.net.
Some details can be found here...
http://msdn.microsoft.com/en-us/library/bb355989.aspx
http://msdn.microsoft.com/en-us/library/system.web.configuration.pagessection.validaterequest.aspx
and...
http://en.wikipedia.org/wiki/Code_injection
http://en.wikipedia.org/wiki/SQL_injection
精彩评论