我用onchange事件构建了一个简单的搜索表单,但当我输入类似/或'或alert的搜索输入时(它会返回我的错误,这是我的后端代码:
const searchAds = async (req, res, next) => {
const search = req.params.search;
let ads;
try {
ads = await Ad.find({ "title": { $regex: '.*' + search,$options:'i' + '.*' }});
} catch (err) {
const error = new HttpError(
'Searching ads failed, please try again later.',
500
);
return next(error);
}
const page = parseInt(req.query.page) || 1;
const pageSize = 20;
const pager = paginate(ads.length, page, pageSize);
const pageOfItems = ads.map(ad => ad.toObject({ getters: true })).slice(pager.startIndex, pager.endIndex + 1);
return res.json({ pager, pageOfItems });
};
避免这种情况的最佳方法是什么?这也是查找方法的正确方法吗?
您是否尝试过将搜索变量包装在encodeURI((或encodeURIComponent((中?
https://www.w3schools.com/jsref/jsref_escape.asp
您可以使用https://www.npmjs.com/package/regex-escape以转义您的搜索参数。
var escape = require("regex-escape");
...
ads = await Ad.find({ "title": { $regex: '.*' + escape(search), $options:'i' + '.*' }});