I have a question about escaping a db query that uses iregex. I
wonder if there isn't just a function that I need to use that I don't
know how to find.
I have a text box where users can enter multiple words and I will
search the database for a regex made from those words (the underlying
database record is from a CharField). My first try was this:
# First attempt: the user's words are joined into the regex exactly as typed,
# so any regex metacharacter they enter is interpreted by the database.
regex = r'(' + '|'.join(word_list) + ')+'
xQ = X.objects.filter(f__iregex=regex)
I entered "paper; select * from pkg_y" and got a screen dump (a text
traceback) going down to a line involving the database cursor (I have
a quite recent Django running from the svn, using Python 2.6 and
PostgreSQL, if that matters). From this I understood that I have to
sanitize regex.
Is that right? Is there a natural way to do that? I have at the
moment got
import re
# re.escape neutralises regex metacharacters so each word is matched literally.
regex = r'(' + '|'.join(re.escape(t) for t in word_list) + ')+'
but I am dubious about my ability to outsmart any bad guys.
Thank you for any help,
Jim
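An added example, not part of Jim's post, that builds the pattern both ways from the input he quotes and uses Python's re module as a stand-in for the database's regex engine (an assumption: PostgreSQL's regex dialect differs, but both reject the bare `*` that the unescaped input produces). Django passes the lookup value as a bound query parameter, so the risk here is a malformed or unintended pattern rather than SQL injection, and re.escape addresses exactly that.

```python
import re

# Constructed sample input: the words a user typed into the search box.
USER_INPUT = "paper; select * from pkg_y"


def build_word_regex(text, escape=True):
    """Return an alternation of the whitespace-separated words in text.

    With escape=True every word goes through re.escape, so metacharacters
    typed by the user ('*', '(', '|', ...) are matched literally instead of
    being interpreted.  Empty input yields None, because an empty
    alternation would match every row.
    """
    words = [w for w in text.split() if w]
    if not words:
        return None
    if escape:
        words = [re.escape(w) for w in words]
    # The trailing '+' in the original post is redundant: iregex is an
    # unanchored search, so a single occurrence of any word already matches.
    return "(" + "|".join(words) + ")"


def pattern_is_valid(pattern):
    """Report whether pattern compiles.

    Assumption: Python's re stands in for PostgreSQL's regex engine here.
    Their syntax differs in details, but both reject '*' with nothing
    to repeat, which is what the unescaped input produces.
    """
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False


def matches(pattern, value):
    """Case-insensitive unanchored search, mimicking the iregex lookup."""
    return re.search(pattern, value, re.IGNORECASE) is not None


if __name__ == "__main__":
    unsafe = build_word_regex(USER_INPUT, escape=False)
    safe = build_word_regex(USER_INPUT)
    print(unsafe, pattern_is_valid(unsafe))  # (paper;|select|*|from|pkg_y) False
    print(safe, pattern_is_valid(safe))      # escaped pattern, True
    print(matches(safe, "Recycled PAPER; two reams"))  # True
```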
You received this message because you are subscribed to the Google Groups
"Django users" group.