Use of square brackets in SEARCH does not return the same results if used in FILTER.
Jason_Meyer
Customer Advanced IT Monkey ✭✭✭
Has anyone else noticed that the use of square brackets in SEARCH does not return the same results if used in FILTER?
If we setup a saved search to look for all Change Requests that have [Nebraska] in the title, the search results include what appears to be all change request work items.
If we setup a filter on the Title Column using that same criteria contains [Nebraska], the results only include work items that have [Nebraska] in the title.
Bug?
Best Answer
-
Justin_Workman
Cireson Support Super IT Monkey ✭✭✭✭✭
@Jason_Meyer - The search results can be explained because the search criteria ultimately goes off to SQL for the results. The square brackets are used for additional wildcard behavior in SQL. You can escape them by adding a set of square brackets after the initial left square bracket. (eg. [[]Nebraska])
The grid filtering is happening in the browser and doing an exact string match.
6
Answers
@Jason_Meyer - The search results can be explained because the search criteria ultimately goes off to SQL for the results. The square brackets are used for additional wildcard behavior in SQL. You can escape them by adding a set of square brackets after the initial left square bracket. (eg. [[]Nebraska])
The grid filtering is happening in the browser and doing an exact string match.
Thanks Justin, issue resolved. 😎
@Justin_Workman speaking of SQL query in the search: is this input sanitized somehow or could user do some SQL injection attacks? :) Thanks.
@Peter_Miklian - Yes. The input is broken up into parameters that are passed into a stored procedure. The search condition will always be treated as a value to evaluate rather than a statement or piece of a statement to execute.