Sounds like you want: $esc = $dbh->get_info( 14 ); # SQL_SEARCH_PATTERN_ESCAPE $user_input =~ s/([_%])/$esc$1/g; $search_pattern = '%' . $user_input . '%'; $sth->execute( $search_pattern );
On 6/29/07, Bill Moseley <[EMAIL PROTECTED]> wrote:
On Fri, Jun 29, 2007 at 04:01:25PM +0100, Raf wrote: > >But if $search_pattern is '\%' then you end up with '\\%'. > > If you have a user defined search pattern which is \%, then you can assume > that user wanted to match against the '%' litteral, right? So \\% is what > you'd want, isn't it? No, I don't want to give the user access to the % or _. I'm using '%' . $user_string . '%' but I don't want $user_string to have any special characters. If $user_string includes \ or % or _ I want them to be literal, without special meaning. -- Bill Moseley [EMAIL PROTECTED]
