Hi,
I’m writing a simple search endpoint that relies on N1QL pattern matching features.
As I didn't find the REGEXP_LIKE
instruction in the DSL (did I miss it?), I had to go with an Expression.x,
which I assume to be unsafe.
What I did was wrap user inputs in an Expression.s
in order to protect against injections.
Can I be confident enough with this approach, or should I be concerned?
Example:

import com.couchbase.client.java.query.dsl.Expression;

// Builds the REGEXP_LIKE predicate as a raw expression, with the
// user-supplied pattern passed through Expression.s() for quoting.
private static Expression userLastNameMatches(RegexpSearchQueryTerm term) {
    return Expression.x(
        "REGEXP_LIKE(" +
            "lastname, " +
            Expression.s(term.toString()) +
        ")"
    );
}
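For comparison, here is the same predicate written with a named query parameter instead of string concatenation. This is an added example by the editor, not code from the post or from the Couchbase SDK documentation; it targets the Couchbase Java SDK 2.x API (`N1qlQuery.parameterized`, `JsonObject`, `Bucket.query`). The bucket name `users`, the `lastname` field and the method name `search` are assumptions chosen to match the post. The point is that a parameter value is shipped to the query service separately from the statement text, so nothing the user types can become part of the N1QL being parsed, whatever quoting `Expression.s` does or does not apply.

```java
import com.couchbase.client.java.Bucket;
import com.couchbase.client.java.document.json.JsonObject;
import com.couchbase.client.java.query.N1qlQuery;
import com.couchbase.client.java.query.N1qlQueryResult;

// Assumed search helper (editor's example): the bucket is opened elsewhere,
// e.g. CouchbaseCluster.create("localhost").openBucket("users").
public final class LastNameSearch {

    // $pattern is a named parameter placeholder; the statement itself is a
    // constant and never has user input concatenated into it.
    private static final String STATEMENT =
        "SELECT META(u).id AS id, u.lastname " +
        "FROM `users` u " +
        "WHERE REGEXP_LIKE(u.lastname, $pattern)";

    public static N1qlQueryResult search(Bucket bucket, String userPattern) {
        // The raw user string is bound as a value, so quotes, parentheses or
        // N1QL keywords inside it are data, not syntax.
        JsonObject params = JsonObject.create().put("pattern", userPattern);
        return bucket.query(N1qlQuery.parameterized(STATEMENT, params));
    }

    private LastNameSearch() {}
}
```

Two caveats that parameterization does not remove: the value is still interpreted as a regular expression by REGEXP_LIKE, so a user can supply a pattern such as `.*` that matches every document, or a pathological one that is expensive to evaluate; if a literal substring match is intended, escape regex metacharacters (or use a non-regex operator such as LIKE/CONTAINS) and cap the input length. And if you keep the `Expression.x` approach, the check that settles the question in the post is concrete: call `Expression.s("a\" OR 1=1 OR \"").toString()` and look at whether the embedded quote comes back escaped or breaks out of the literal.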