[SalesForce] Interpreting wildcards (e.g., * and &) in SOSL queries through the API. Escape or not

I have a search feature that is implemented with the AJAX toolkit to use SOSL.

var results = sforce.connection.search("FIND {" + sanitize(...) + "} IN NAME FIELDS RETURNING ...");

The sanitize(...) function escapes SOSL-reserved characters (below) according to the documentation by inserting backslashes so that they are interpreted by SOSL as literal characters.

? & | ! { } [ ] ( ) ^ ~ * : \ " ' + -

Because the documentation instructs to escape the above special characters, the user now loses the ability to use the * and ? wildcards (e.g., if the user enters amer*, the sanitize would convert it to amer\*).

This now brings me to a few questions:

  • Should the * and ? wildcards be exposed to the user, i.e., unescaped?
  • How can the implementation distinguish if the user intends to use a literal asterisk from a wildcard search?

Best Answer

From the SOSL Wildcards documentation:

Asterisks match zero or more characters at the middle or end (not the beginning) of your search term. For example, a search for john* finds items that start with john, such as, john, johnson, or johnny. A search for mi* meyers finds items with mike meyers or michael meyers. If you are searching for a literal asterisk in a word or phrase, then escape the asterisk (precede it with the \ character).

So I'd say it is expected that you only escape the * if you want the literal value.

It would probably be easiest to let the users escape the * character if required. Or have a "With Wildcards" option next to the search input to toggle if you do full escaping or not.
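
One way to implement the "With Wildcards" toggle suggested in the answer, as an added example that is not part of the original post or of the AJAX toolkit. The names `escapeSoslTerm`, `buildFind` and the `allowWildcards` flag are hypothetical; the reserved-character list is the one given in the question, and the FIND clause is cut short before the RETURNING part, which the question elides.

```javascript
// Added example: hypothetical helpers, not part of the AJAX toolkit.
// Characters the question lists as SOSL-reserved.
const SOSL_RESERVED = new Set('?&|!{}[]()^~*:\\"\'+-'.split(''));
const WILDCARDS = new Set(['*', '?']);

// Escape user input for use inside FIND {...}.
// allowWildcards = false: every reserved character is escaped (full escaping).
// allowWildcards = true : bare * and ? pass through as wildcards, a user-typed
//                         \* or \? is kept as an escaped literal, and every
//                         other reserved character is still escaped.
function escapeSoslTerm(input, allowWildcards) {
  let out = '';
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    const next = input[i + 1];
    if (allowWildcards && ch === '\\' && WILDCARDS.has(next)) {
      // The user asked for a literal asterisk or question mark.
      out += '\\' + next;
      i++; // the wildcard character has been consumed
    } else if (allowWildcards && WILDCARDS.has(ch)) {
      out += ch; // stays a wildcard
    } else if (SOSL_RESERVED.has(ch)) {
      // Includes a backslash that is not escaping a wildcard, so user input
      // cannot cancel the escaping applied to the following character.
      out += '\\' + ch;
    } else {
      out += ch;
    }
  }
  return out;
}

// Builds only the FIND clause; append the RETURNING part the application needs.
function buildFind(input, allowWildcards) {
  return 'FIND {' + escapeSoslTerm(input, allowWildcards) + '} IN NAME FIELDS';
}
```

In either mode the braces, quotes and operators stay escaped, so the toggle only changes how `*` and `?` are treated and never lets input close the `FIND {...}` clause.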
