On Jan 29, 2:04 pm, Michael Bayer <[email protected]> wrote:
> ilike is available using column.ilike("some string"). You can turn it into
> a "contains" by adding in the appropriate "%" signs manually. If you want to
> do lower() manually, then you can say func.lower(column).contains('some
> string'), though ilike() does the lower() logic when used on a backend that
> doesn't have ILIKE built in.
i knew all that, my concern was passing in a bind parameter to ilike.
i want to do something like:
name = 'Jonathan'
models.User.name.contains( name , case_sensitive=False )
models.User.name.startswith( name , case_sensitive=False )
models.User.name.ilike( """%:name%""" ).params( name = name )
I don't want to do:
models.User.name.ilike( """%%%s%%""" % name )
because without an ability to escape 'name' or bind it as a
placeholder, it becomes a sql injection vulnerability
the workaround to get the same result ( manually doing a lowercase )
works :
sqlalchemy.fun.lower( models.User.name ).contains( name.lower() )
but i'd rather generate the proper sql for my backend ( postgres) and
have the ilike.
maybe i should ticket a feature request (or two?):
- allow `contains` and `startswith` to accept a case_sensitive option
( defaults to True, as that is the current behavior )
- parse strings in ilike for bind params, or give them a params
keyword ( col.ilike( pattern , params={} ))
--
You received this message because you are subscribed to the Google Groups
"sqlalchemy" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sqlalchemy?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
