handle special chars; write tests for special chars

2020-01-31 13:58:09 +01:00
parent 9c2aff53d7
commit 793e26e01f
2 changed files with 23 additions and 6 deletions
--- a/spec/query_generator_spec.rb
+++ b/spec/query_generator_spec.rb
@@ -85,5 +85,11 @@ class SqlGeneratorTester

      expect(@query.where_clause).to eq ['(players.title LIKE ? AND NOT (players.title LIKE ? OR players.title LIKE ?))', '%a%', '%b%', '%c%']
    end
+
+    it 'tests search with special characters in search term' do
+      @query = TextToSqlQuery.new('title:"%a_\"', [:'players.title', :'players.tag', :'players.device_id'], :'players.device_id')
+
+      expect(@query.where_clause).to eq ['players.title LIKE ?', '%"\%a\_\\"%']
+    end
  end
 end
--- a/text_to_sql_query.rb
+++ b/text_to_sql_query.rb
@@ -22,15 +22,17 @@ class TextToSqlQuery

  def generate_sql(tree)
    first_key = tree.keys.first
+    node_value = tree[first_key]
    case first_key
    when :DEFAULT_COLUMN
-      ["#{@default_field.to_s} LIKE ?", "%#{tree[first_key]}%"]
+      escaped_node_value = escape_special_chars node_value
+      ["#{@default_field.to_s} LIKE ?", "%#{escaped_node_value}%"]
    when :OPERATOR_OR
-      generate_expression_for_logical_operator(:OR, tree[first_key])
+      generate_expression_for_logical_operator(:OR, node_value)
    when :OPERATOR_AND
-      generate_expression_for_logical_operator(:AND, tree[first_key])
+      generate_expression_for_logical_operator(:AND, node_value)
    when :OPERATOR_NOT
-      not_array = generate_sql tree[first_key]
+      not_array = generate_sql node_value

      if not_array.length < 2
        raise "There should be more than 1 element for expression following NOT operator"
@@ -43,11 +45,12 @@ class TextToSqlQuery

    else
      # key is column name
+      escaped_node_value = escape_special_chars node_value
      mapping = @fields_mappings[first_key.to_sym]
      if mapping.nil?
-        ["#{@default_field.to_s} LIKE ?", "%#{tree[first_key]}%"]
+        ["#{@default_field.to_s} LIKE ?", "%#{escaped_node_value}%"]
      else
-        ["#{mapping.to_s} LIKE ?", "%#{tree[first_key]}%"]
+        ["#{mapping.to_s} LIKE ?", "%#{escaped_node_value}%"]
      end
    end
  end
@@ -76,4 +79,12 @@ class TextToSqlQuery

    ["(#{first_operand_expression} #{operator.to_s} #{second_operand_expression})"] + first_operand_params + second_operand_params
  end
+
+  def escape_special_chars(text)
+    result = text
+    result.gsub!(/\_/, '\_')
+    result.tr!('\\', '\\')
+    result.gsub!(/%/, '\%')
+    result
+  end
 end