On 05/30/2012 12:55 PM, Hendy Irawan wrote:
Dear Apache Directory users,

How do I escape an LDAP filter query?

e.g.

    String searchTerm = ...; // from user input
    String filter = "(&(objectclass=person)(cn=*" + escapeFunction(searchTerm)
        + "*))";

What is this escapeFunction?


Hello,

What exactly do you want to escape in searchTerm? Are you trying to prevent someone from entering something like "johndoe,o=x.com,dc=x,dc=com" as the search term? If that is the case, then you could sanitize the input using something like this:

    if( searchTerm.contains(",") )
        searchTerm = searchTerm.substring(0,searchTerm.indexOf(","));

Or you could simply sanitize the user input by checking for various characters (& | ! , etc.) and rejecting the input if one of these is found in the string.

I'm not much of a Java programmer, so there is probably a better way, but I hope this helps.

    - Dave

--

Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177
