From: sqlite-users <sqlite-users-boun...@mailinglists.sqlite.org> on behalf of
R Smith <ryansmit...@gmail.com>
Sent: Friday, January 5, 2018 3:41:35 PM
To: sqlite-users@mailinglists.sqlite.org
Subject: Re: [sqlite] Search % using sqlite
On 2018/01/05 10:14 AM, Rowan Worth wrote:
For this simple search it's easier to replace "NAME LIKE ?" with
"instr(NAME, ?) > 0", unless you need case insensitive matching.
And in case you do wish for Case-Insensitive matching while using
Rowan's method...
"instr(UPPER(NAME), UPPER(?)) >
Firstly this code is extremely dangerous. What would happen if
acInputString contained this string?
';DROP TABLE AUDIO; SELECT '
It's best practice to use bound parameters to prevent this kind of problem,
ie.
sqlite3_prepare(db, "SELECT NAME FROM AUDIO WHERE NAME LIKE ?", -1, ,
NULL);
Hi All,
We are implementing a wildcard search feature. Our query is as below:
sprintf (acQstring,
"SELECT NAME FROM AUDIO WHERE NAME LIKE '%%%s%%'", acInputString);
If the input string is '%' then we are getting all the entries in the column.
e.g. the name column has the following:
%a
a
a%a
4 matches
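
Added example, not part of any post in this thread: the AUDIO search with a bound parameter, showing that binding keeps the quoted DROP TABLE string as data while '%' still acts as a LIKE wildcard unless it is escaped or instr() is used. Python's sqlite3 module stands in for the C API here; the function names and the extra row 'b' are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: the three names from the post plus one extra row.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE AUDIO (NAME TEXT)")
    conn.executemany("INSERT INTO AUDIO VALUES (?)",
                     [("%a",), ("a",), ("a%a",), ("b",)])
    return conn

def search_like(conn, term):
    # Bound parameter: the term cannot close the string literal any more,
    # but '%' and '_' inside it are still interpreted as LIKE wildcards.
    sql = "SELECT NAME FROM AUDIO WHERE NAME LIKE '%' || ? || '%' ORDER BY NAME"
    return [row[0] for row in conn.execute(sql, (term,))]

def search_like_escaped(conn, term):
    # Escape the escape character first, then the two LIKE wildcards,
    # and tell SQLite which escape character was used.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT NAME FROM AUDIO "
           "WHERE NAME LIKE '%' || ? || '%' ESCAPE '\\' ORDER BY NAME")
    return [row[0] for row in conn.execute(sql, (esc,))]

def search_instr(conn, term):
    # Plain substring test: no wildcards at all, but case sensitive.
    sql = "SELECT NAME FROM AUDIO WHERE instr(NAME, ?) > 0 ORDER BY NAME"
    return [row[0] for row in conn.execute(sql, (term,))]

if __name__ == "__main__":
    db = make_db()
    for term in ("%", "A", "';DROP TABLE AUDIO; SELECT '"):
        print(repr(term))
        print("  LIKE          ", search_like(db, term))
        print("  LIKE + ESCAPE ", search_like_escaped(db, term))
        print("  instr         ", search_instr(db, term))
    print("rows left:", db.execute("SELECT count(*) FROM AUDIO").fetchone()[0])
```
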