ansaurus

Question

In Delphi 7, how do I escape a percent sign (%) in the Format function?

Answer 1

+4 A:

%% , IIRC.

moobaa 2008-11-06 02:40:56

Answer 2

+13 A:

Use another % in the format string:

SQL.Text := Format('select foo from bar where baz like ''%s%%''',[SearchTerm]);

Robert Gamble 2008-11-06 02:44:33

Answer 3

+1 A:

Obligatory: http://xkcd.com/327/ :-)

Depending on context, your approach might be vulnerable to SQL injection. If the search term comes from user input it would probably be better to use a parameterized query or at least try to sanitize the input.

TOndrej 2008-11-06 10:27:54

True, it would be vulnerable.. but this is for a throwaway POC. I haven't actually figured out how to use parameterized queries with LIKE.

Blorgbeard 2008-11-06 19:52:02

ansaurus

tags:

views:

answers:

In Delphi 7, how do I escape a percent sign (%) in the Format function?

related questions