~ 2 min read

The Couchbase server issue

This blog covers a Couchbase Full Text Search query with named parameters runtime error that we reported to the vendor for fixes.

Couchbase is an open-source, distributed, NoSQL document database. It supports Full Text Search (FTS) for natural language querying.

In order to perform FTS, a search index is necessary. The search index contains searchable text from documents within a specified bucket.

It would be prudent to consider the search use cases when deciding the schema of the documents used by the applications in a solution. This would ensure that the search index is of optimal size for better performance.

โ€

Running Full Text Search (FTS)

โ€

FTS can be performed using N1QL or querying the Couchbase search service.

Here is an example of performing FTS using N1QL with a SEARCH clause to query cloud assets containing the word production.

โ€

โ€

Looks simple as above to implement but little did we know that we would stumble upon an unexpected FTS issue!

โ€

Full Text Search Issue

โ€

When constructing dynamic database queries, a software developer needs to take due care to avoid SQL injection flaws. One option to avoid SQL injection flaws, is to use prepared statements with variable bindings (i.e. named parameters). The use of named parameters enables the database to differentiate between SQL code and data.

When the FTS query (mentioned in previous section) is tweaked to use named parameters, the Couchbase query engine throws a runtime error. This issue has been reported in Couchbase Community Edition 7.1.0 build 2556 and accepted in the Couchbase forum

A big thank you to the Couchbase community for their quick response in acknowledging and planning to resolve this issue in 7.1.2 (August 2022) release.

;