SQLSTATE[42000]: Syntax error or access violation: 1064 syntax error, unexpected $end #8335
Description
Using the search with special characters e.g. a + will raise an exception.
The characters that may produce this problem are listed here: https://dev.mysql.com/doc/refman/5.7/en/fulltext-boolean.html
The problem seems to be how Magento\Framework\DB\Helper\Mysql\Fulltext::getMatchQuery escapes the input query.
Preconditions
- Magento Enterprise v2.1.3
- Standard Devbox (+ ElasticSearch) from https://magento.com/tech-resources/downloads/magento/
Steps to reproduce
- Start a new Magento2 Enterprise Devbox (with Elasticsearch enabled, no sample data needed)
- Create a new product with name that contains a "+" character e.g. "PRODUCT 8P+"
- Search for the product with by the exact name
Expected result
- Should show product grid/list with one product in it
Actual result
Similar exception raised
Exception #0 (Zend_Db_Statement_Exception): SQLSTATE[42000]: Syntax error or access violation: 1064 syntax error, unexpected $end, query was: SELECT search_synonyms.* FROM search_synonymsWHERE (MATCH (synonyms) AGAINST ('okipage 8p\\+' IN BOOLEAN MODE)) #0 /var/www/magento2/vendor/magento/framework/DB/Statement/Pdo/Mysql.php(95): Zend_Db_Statement_Pdo->_execute(Array) #1 /var/www/magento2/vendor/magento/zendframework1/library/Zend/Db/Statement.php(303): Magento\Framework\DB\Statement\Pdo\Mysql->_execute(Array) #2 /var/www/magento2/vendor/magento/zendframework1/library/Zend/Db/Adapter/Abstract.php(480): Zend_Db_Statement->execute(Array) ....
This is not a devbox specific issue, it has been confirmed on other environments as well.
Also, it only seems to happen when using Elastic as the search backend.
Conclusion
It seems that $this->connection->quote($expression); is not enough to escape the Mysql boolean full-text search expression (it attempts to escape it with a double backslash).