#159 character % needs to be escaped

3.2.2
closed-wont-fix
Jakub Vrána
Common (150)
5
2011-06-11
2011-06-10
Anonymous
No

Hi. When using the "search" fieldset on a table and the 'LIKE' or 'LIKE %%' method, if the string put on the input box contains the character %, the resulting query may not do what it should as the % from the input box conflicts with the one(s) applicable to the LIKE operator.
I think that all %s coming from the input box should be escaped too, as the quote character is for example.
Thank you.

Discussion

  • Jakub Vrána
    Jakub Vrána
    2011-06-11

    • status: open --> closed-wont-fix
     
  • Jakub Vrána
    Jakub Vrána
    2011-06-11

    The LIKE operator must support the LIKE special chars: % and _. Otherwise it would not be possible to search e.g. for all rows starting with A (A%). If you would like to search for % (or _), prepend it by \ or use the = operator.

     
  • You're right. I agree with that "fix" :)
    Thank you very much for your comment.