The entire LDAP search filter must be a valid UTF-8string. There five (5) values that, should they appear in a search filter, must be escaped using a backslash \and the two-digit hexadecimal code for the character being escaped. The values that must be escaped are *, (, ), \, and the null byte 0; therefore the "and the 'are legal and valid characters in the search filter. In a language like Java that encloses a string literal between "characters, the "character appearing as part of string literal must be escaped.

整个 LDAP 搜索过滤器必须是有效的UTF-8字符串。如果出现在搜索过滤器中，有五 (5) 个值必须使用反斜杠\和被转义字符的两位十六进制代码进行转义。必须转义值是*，(，)，\，和空字节0; 因此"和'是搜索过滤器中合法有效的字符。在像 Java 这样在"字符之间包含字符串文字的语言"中，作为字符串文字的一部分出现的字符必须被转义。

In one example, you list the filter with a backslash \character in the filter. A backslash must be escaped in the filter using a backslash and the hexadecimal code for backslash, for example, "(cn=abc\5c\"and'def)'". In the other example, you list as the filter "(cn=abc"and'def)"which is in fact a legal search filter - ignoring the fact that the inner "is not escaped as it must be for compilation.

在一个示例中，您在过滤器中列出带有反斜杠\字符的过滤器。必须使用反斜杠和反斜杠的十六进制代码在过滤器中对反斜杠进行转义，例如，"(cn=abc\5c\"and'def)'"。在另一个示例中，您列出的过滤器"(cn=abc"and'def)"实际上是一个合法的搜索过滤器 - 忽略内部"没有转义的事实，因为它必须用于编译。

By way of example, I created an object in a directory at my localhost listening on port 1389 with prefix or naming context dc=example,dc=comusing the following LDIF:

举例来说，我在本地主机的目录中创建了一个对象，该对象dc=example,dc=com使用以下 LDIF 使用前缀或命名上下文监听端口 1389 ：

dn: cn=abc"and'def,dc=example,dc=com
objectClass: top
objectClass: person
cn: abc"and'def
sn: whatever

I wrote a Java class to search for the entry, throwing an assertion error if it should not be found:

我写了一个 Java 类来搜索条目，如果不应该找到则抛出断言错误：

import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.SearchResult;

public final class BSFilter {
  public static void main(String... args) {
    try {
      Filter searchFilter =
        Filter.create("cn=abc\"and'def");
      LDAPConnection connection =
        new LDAPConnection("localhost",1389);
      SearchResult searchResult =
        connection.search("dc=example,dc=com",SearchScope.ONE,
                          searchFilter,"1.1");
      assert(searchResult.getSearchEntries().size() == 0);
    } catch(LDAPException lex) {
      lex.printStackTrace();
      return;
    }
  }
}

This class compiles and throws an assertion error as expected because the entry for which it searches does in fact exist. See RFC 4515for information regarding the search filter. The LDAPSDK used is the excellent SDKfrom UnboundID. Notice that the "character is escaped in the filter so that the class will compile, but that has nothing to do with the filter text itself.

此类按预期编译并抛出断言错误，因为它搜索的条目确实存在。有关搜索过滤器的信息，请参阅RFC 4515。使用的 LDAPSDK 是来自 UnboundID的优秀SDK。请注意，该"字符在过滤器中被转义，以便类可以编译，但这与过滤器文本本身无关。

Use the force of the filter to handle escaping for your. Something like:

使用过滤器的力量来处理您的逃逸。就像是：

"(&(objectClass=user)(cn={0}))"

I use JNDI and one of the search() overloadsthat take a `filterArgs' argument. Does all the escaping required for you.

我使用 JNDI 和带有 `filterArgs' 参数的search() 重载之一。是否为您完成所有的转义。