tags:

views:

49

answers:

1
+2  Q: 

In SQLite3, how can I do SQL-escaping in a LIKE clause?

I'd like to run a LIKE query in sqlite3 with the user's input safely escaped. Basically, I want to do something like this:

char* query = "SELECT * FROM table WHERE LOWER(notes) LIKE '%?%'";
sqlite3_stmt* statement;
sqlite3_prepare_v2( database, query, -1, &statement, NULL );

But the ? is not honored when inside the LIKE expression. Anyone know how to do this?

+4  A:  
char* query = "SELECT * FROM table WHERE LOWER(notes) LIKE '%' || ? || '%'";

But I recommend you look into using FTS3 for full text searching, because your queries will run hundreds of times faster than using brute-force LIKE queries.

Bill Karwin  2010-09-03 01:17:04
+1: Oracle and PostgreSQL were the only other DBs I knew of that used double pipes for string concatenation (now ANSI standard too): http://www.sqlite.org/lang_expr.html
OMG Ponies  2010-09-03 01:20:06
MySQL supports it too if you set SQL_MODE to `ANSI` or `PIPES_AS_CONCAT`.
Bill Karwin  2010-09-03 01:21:53
Awesome! Thanks. The database is a tiny single-user DB, so performance should be adequate.
Bill  2010-09-03 02:00:07
+1 for recommending FTS.
Donal Fellows  2010-09-05 10:04:45

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP