MongoDB text search doesn't work on long string but works on short string


I have a collection that contains categories, and each document looks something like this:

Small snippet of one document:

{
    "category" : "Programming",
    "keywords" : [
        "SQL",
        "PHP",
        "C++"
    ]
}

When I run the following command ($search was from a question found on Stack Overflow):

db.categories.find({
    $text : {
        $search: 'If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST[\'user_input\']; mysql_query("INSERT INTO `table` (`column`) VALUES (\'$unsafe_variable\')"); That\'s because the user can input something like value\'); DROP TABLE table;--, and the query becomes: INSERT INTO `table` (`column`) VALUES(\'value\'); DROP TABLE table;--\') What can be done to prevent this from happening?'
    }
}, {category: 1})

I get no results back, but when I truncate the string to look like this:

db.categories.find({
    $text : {
        $search: 'If user input is inserted without modification into an SQL query'
    }
}, {category: 1})

I do get results back. Why is the longer string not giving me results whereas the second shorter string is giving me results?

There is 1 answer

Get Off My Lawn

Okay, I figured out what was wrong: I was doing "Exact Searches" and "Exclude Searches" because I had quotes around items and - signs. Removing that allows me to search for what I want and get back what I am looking for.

db.categories.find({
    $text : {
        $search: 'If user input is inserted without modification into an SQL query then the application becomes vulnerable to SQL injection like in the following example unsafevariable  POST user input mysql query INSERT INTO table column VALUES unsafevariable Thats because the user can input something like value DROP TABLE table and the query becomes INSERT INTO table column VALUES value DROP TABLE table What can be done to prevent this from happening'
    }
}, {category: 1})
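
The behaviour described in the answer, as an added example that is not part of the original post: in a `$search` string, a pair of double quotes marks an exact phrase and a hyphen at the start of a term negates it, so pasted text containing code can silently turn into a much stricter query. The helper names `findTextOperators` and `toPlainTerms` are hypothetical, the sample string is constructed, and the splitting is an approximation, not MongoDB's own tokenizer.

```javascript
// Added example (not from the original post). Approximates how a $text
// $search string is read; it is not MongoDB's tokenizer.

// Report the parts of a search string that $text would treat as operators.
function findTextOperators(search) {
  const phrases = [];
  // A pair of double quotes marks an exact phrase.
  const withoutPhrases = search.replace(/"([^"]*)"/g, (_, phrase) => {
    phrases.push(phrase);
    return ' ';
  });
  // A hyphen at the start of a whitespace-delimited token negates the term.
  // A hyphen inside a word (e.g. "pre-market") is not a negation.
  const negated = withoutPhrases
    .split(/\s+/)
    .filter((tok) => /^-+[^\s-]/.test(tok))
    .map((tok) => tok.replace(/^-+/, ''));
  return { phrases, negated };
}

// Turn free text into plain terms: drop double quotes and leading hyphens
// so nothing in the input is read as a phrase or an exclusion.
function toPlainTerms(search) {
  return search
    .replace(/"/g, ' ')
    .split(/\s+/)
    .map((tok) => tok.replace(/^-+/, ''))
    .filter((tok) => tok.length > 0)
    .join(' ');
}

// Constructed sample, modelled on the kind of text pasted in the question.
const sample =
  'mysql_query("INSERT INTO table VALUES (x)"); DROP TABLE table; -- -comment pre-market';

const found = findTextOperators(sample);
console.log('operators in raw input:', found);
console.log('plain-term search string:', toPlainTerms(sample));
// The cleaned string can then be passed as the $search value.
```

Running user-supplied text through a step like `toPlainTerms` before building the `$text` query keeps the search a plain match on terms, which is what the question expected.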