solr是基于 lucence,非常的娇嫩,如果query中带有非法字符串,结果直接报错,所以你对用户的输入必须要先做处理.o
非法字符串的官方说明
- http://wiki.apache.org/solr/SolrQuerySyntax
- http://lucene.apache.org/core/4 00/queryparser/org/apache/lucene/queryparser/classic/package-summary.html#Escaping%20Special%20Characters
非法字符串有这些
+ - && || ! ( ) { } [ ] ^ " ~ * ? : \ /
过滤的方法很简单,用 \
进行转义
solr 官方的处理方法
public static String escapeQueryChars(String s) { StringBuilder sb = new StringBuilder(); for (int i = 0; i < s.length(); i++) { char c = s.charAt(i); // These characters are part of the query syntax and must be escaped if (c == '\\' || c == '+' || c == '-' || c == '!' || c == '(' || c == ')' || c == ':' || c == '^' || c == '[' || c == ']' || c == '\"' || c == '{' || c == '}' || c == '~' || c == '*' || c == '?' || c == '|' || c == '&' || c == ';' || c == '/' || Character.isWhitespace(c)) { sb.append('\\'); } sb.append(c); } return sb.toString(); }
参考官方规则,我写了下面两段函数
php 版本过滤函数
static public function escape($value) { //list taken from http://lucene.apache.org/java/docs/queryparsersyntax.html#Escaping%20Special%20Characters $pattern = '/(\+|-|&|\||!|\(|\)|\{|}|\[|]|\^|"|~|\*|\?|:|;|~|\/)/'; $replace = '\\\$1'; return preg_replace($pattern, $replace, $value); }
python 版本过滤函数
import re def escape_solr(word): return re.sub('(\\\|\+|-|&|\|\||!|\(|\)|\{|}|\[|]|\^|"|~|\*|\?|:|;|/|\~)','\\\1', word )