I want to use the RediSearch module to support queries/searches as shown in the code below.
I am using the Go-Redis driver, and as far as I can tell there isn't a parameterised way to call RediSearch with this driver (or any others?) and thus you must resort to doing an rdb.Do() command.
This potentially exposes a vulnerability to injection attacks, as the values will be input by the user via a website.
Possibly, I can sanitise these values to reduce the risk, but that also adds another step to the process and a potential point of failure.
Does anyone know if there is a different way to do this in a more parameterised way?
package main

import (
	"context"
	"fmt"
	"log"

	"github.com/go-redis/redis/v8"
)

var ctx = context.Background()

func main() {
	rdb := redis.NewClient(&redis.Options{
		Addr:     "localhost:6379",
		Password: "",
		DB:       0,
	})

	// The search expression is assembled as a single string; in the real
	// application the values inside it come from user input.
	query := "@suburb:{sydney} @price:[1000000 1200000] @bedrooms:[4 4] @garages:[1 1] @bathrooms:[2 2]"

	// Do expects the command name and each argument as separate values,
	// not one space-joined command line.
	res, err := rdb.Do(ctx, "FT.SEARCH", "housesIdx", query).Result()
	if err != nil {
		log.Fatalf("Error executing search query: %v", err)
	}
	fmt.Printf("Search results: %+v\n", res)
}
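One way to keep user values out of the query text, as an added example that is not part of the original post: RediSearch 2.4 and later accept `PARAMS` with `DIALECT 2`, so the query holds only `$name` placeholders and each value travels as its own command argument. `HouseFilter`, `SearchArgs` and the suburb allow-list are hypothetical names and assumptions made for this sketch; the returned slice is what would be passed as `rdb.Do(ctx, args...)`.

```go
package main

import (
	"fmt"
	"regexp"
)

// HouseFilter holds the values a user submits (hypothetical type for this example).
type HouseFilter struct {
	Suburb                       string
	MinPrice, MaxPrice           int
	Bedrooms, Garages, Bathrooms int
}

// Assumed allow-list for suburb names: letters, spaces and hyphens, 1 to 64 chars.
var suburbRe = regexp.MustCompile(`^[A-Za-z][A-Za-z -]{0,63}$`)

// The query text is a constant; user input never becomes part of it.
const houseQuery = "@suburb:{$suburb} @price:[$min $max] @bedrooms:[$bed $bed] " +
	"@garages:[$gar $gar] @bathrooms:[$bath $bath]"

// SearchArgs validates the filter and returns the FT.SEARCH argument list.
// Numbers are typed ints, so they cannot carry query syntax at all.
func SearchArgs(index string, f HouseFilter) ([]interface{}, error) {
	if !suburbRe.MatchString(f.Suburb) {
		return nil, fmt.Errorf("suburb %q is not an allowed value", f.Suburb)
	}
	if f.MinPrice < 0 || f.MaxPrice < f.MinPrice {
		return nil, fmt.Errorf("invalid price range %d..%d", f.MinPrice, f.MaxPrice)
	}
	if f.Bedrooms < 0 || f.Garages < 0 || f.Bathrooms < 0 {
		return nil, fmt.Errorf("room counts must not be negative")
	}
	return []interface{}{
		"FT.SEARCH", index, houseQuery,
		"PARAMS", 12, // 6 name/value pairs follow
		"suburb", f.Suburb, "min", f.MinPrice, "max", f.MaxPrice,
		"bed", f.Bedrooms, "gar", f.Garages, "bath", f.Bathrooms,
		"DIALECT", 2, // PARAMS requires query dialect 2 or later
	}, nil
}

func main() {
	// Constructed sample inputs: one well-formed, one carrying query syntax.
	ok := HouseFilter{"sydney", 1000000, 1200000, 4, 1, 2}
	bad := HouseFilter{"sydney} @price:[0 1", 0, 1, 4, 1, 2}
	for _, f := range []HouseFilter{ok, bad} {
		args, err := SearchArgs("housesIdx", f)
		fmt.Println(args, err) // with go-redis: rdb.Do(ctx, args...).Result()
	}
}
```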