I have a collection that contains categories, and each document looks something like this:
Small snippet of one document:
{
"category" : "Programming",
"keywords" : [
"SQL",
"PHP",
"C++"
]
}
When I run the following command ($search was from a question found on stackoverflow):
db.categories.find({
$text : {
$search: 'If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST[\'user_input\']; mysql_query("INSERT INTO `table` (`column`) VALUES (\'$unsafe_variable\')"); That\'s because the user can input something like value\'); DROP TABLE table;--, and the query becomes: INSERT INTO `table` (`column`) VALUES(\'value\'); DROP TABLE table;--\') What can be done to prevent this from happening?'
}
}, {category: 1})
I get no results back, but when I truncate the string to look like this:
db.categories.find({
$text : {
$search: 'If user input is inserted without modification into an SQL query'
}
}, {category: 1})
I do get results back. Why is the longer string not giving me results whereas the second shorter string is giving me results?
Okay, I figured out what was wrong, I was doing "Exact Searches" and "Exclude Searches" because I had quotes around items and
-
signs. Removing that allows me to search for what I want and get back what I am looking for.