Couchbase is an open-source, distributed, NoSQL document database. It supports Full Text Search (FTS) for natural language querying.
In order to perform FTS, a search index is necessary. The search index contains searchable text from documents within a specified bucket.
It would be prudent to consider the search use cases when deciding the schema of the documents used by the applications in a solution. This would ensure that the search index is of optimal size for better performance.
FTS can be performed using N1QL or querying the Couchbase search service.
Here is an example of performing FTS using N1QL with a SEARCH clause to query cloud assets containing the word production.
SELECT cloud_asset.name
FROM assets AS cloud_asset
WHERE SEARCH(
cloud_asset,
{"query": "production" },
{ "index": "fts-index" }
)
LIMIT 3;
===
[
{
"name": "gke-production"
},
{
"name": "db-backup-production"
},
{
"name": "production-k8s"
},
]Looks simple as above to implement but little did we know that we would stumble upon an unexpected FTS issue !
When constructing dynamic database queries, a software developer needs to take due care to avoid SQL injection flaws. One option to avoid SQL injection flaws, is to use prepared statements with variable bindings (i.e. named parameters). The use of named parameters enables the database to differentiate between SQL code and data.
When the FTS query (mentioned in previous section) is tweaked to use named parameters, the Couchbase query engine throws a runtime error. This issue has been reported in Couchbase Community Edition 7.1.0 build 2556 and accepted in the Couchbase forum.
A big thank you to the Couchbase community for their quick response in acknowledging and planning to resolve this issue in 7.1.2 (August 2022) release.