Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not escaping ' in iLIKE query properly #1114

Merged
merged 13 commits into from
Dec 28, 2024
Merged

Not escaping ' in iLIKE query properly #1114

merged 13 commits into from
Dec 28, 2024

Conversation

trzysiek
Copy link
Member

@trzysiek trzysiek commented Dec 15, 2024
edited
Loading

#1038

As new tests show for a little bit, the issue seems fixed. Instead of doing nothing, I escape all \ and ' in all string literals. There might be some edge case where it's not the correct behaviour, but I thought for a bit and haven't found any.
Even in regexp, where we escape _ (Clickhouse's equivalent of . in regex), escaping it twice because of this change (sending \\_ to Clickhouse instead of \_ before), seems to work just as fine.

Because of array joins issue, sample panel still doesn't work, but there are no more any escaping error messages, like in the issue description.
So, when running on main, we get a lot of:

quesma-1                 | Dec 22 15:36:13.876 ERR quesma/quesma/dual_write_proxy.go:252 > quesma request failed: Q3006: Database query has failed. You may get more details in the Quesma console.  clickhouse: query failed. err: code: 62, message: Syntax error: failed at position 488 ('(') (line 1, col 488): (((arrayJoin("category") __quesma_match 'Men's Clothing')

But when running on this branch, we only have errors like this (notice ' properly escaped):

quesma-1                 | Dec 22 15:32:01.714 ERR quesma/quesma/dual_write_proxy.go:252 > quesma request failed: Q3006: Database query has failed. You may get more details in the Quesma console.  clickhouse: query failed. err: code: 62, message: Syntax error: failed at position 278 ('__quesma_match') (line 1, col 278): __quesma_match 'Men\'s Clothing')

Additional info:
We discussed with Rafał some other way to make it work: stop sending any strings in the query itself, but pass all of them as parameters, where the driver will take care of any escaping issues, etc.
It's probably a good idea for the future, but would require some non-trivial amount of work, unlike this straightforward solution, which I already had done.

@cloudflare-workers-and-pages Cloudflare Workers and Pages
Copy link

cloudflare-workers-and-pages bot commented Dec 21, 2024
edited
Loading

Deploying quesma with  Cloudflare Pages  Cloudflare Pages

Latest commit: e384249
Status: ✅  Deploy successful!
Preview URL: https://eca0c455.quesma.pages.dev
Branch Preview URL: https://issue-1038.quesma.pages.dev

View logs

@trzysiek trzysiek marked this pull request as ready for review December 22, 2024 15:58
@trzysiek trzysiek requested a review from a team as a code owner December 22, 2024 15:58
jakozaur
jakozaur approved these changes Dec 27, 2024
View reviewed changes
Copy link
Contributor

@jakozaur jakozaur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On potential comment.

quesma/quesma/search_test.go Outdated Show resolved Hide resolved
@trzysiek trzysiek enabled auto-merge December 28, 2024 15:07
@trzysiek trzysiek added this pull request to the merge queue Dec 28, 2024
@trzysiek trzysiek mentioned this pull request Dec 28, 2024
Closed
Merged via the queue into main with commit 9173255 Dec 28, 2024
5 checks passed
@trzysiek trzysiek deleted the issue-1038 branch December 28, 2024 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakozaur jakozaur jakozaur approved these changes

@nablaone nablaone Awaiting requested review from nablaone nablaone is a code owner automatically assigned from QuesmaOrg/engineering

@mieciu mieciu Awaiting requested review from mieciu mieciu is a code owner automatically assigned from QuesmaOrg/engineering

@avelanarius avelanarius Awaiting requested review from avelanarius avelanarius is a code owner automatically assigned from QuesmaOrg/engineering

@pdelewski pdelewski Awaiting requested review from pdelewski pdelewski is a code owner automatically assigned from QuesmaOrg/engineering

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@trzysiek @jakozaur