hackworthltd / primer

A pedagogical functional programming language.
GNU Affero General Public License v3.0

Selda `like` doesn't support `escape` #1035

Open dhess opened 1 year ago

dhess commented 1 year ago

SQL's like operator uses % and _ as wildcards:

https://www.sqlite.org/lang_expr.html#like

To search for strings that contain these characters, those occurrences must be escaped with an extra clause. Unfortunately, Selda doesn't support this.

Until we can resolve this somehow, SQLite database ops that use like will fail to find search strings that contain % and _.

(Note that Rel8 doesn't support escape clauses, either, but PostgreSQL uses \ as the default escape character, which works fine for our purposes.)

brprice commented 1 year ago

> Until we can resolve this somehow, SQLite database ops that use like will fail to find search strings that contain % and _.

To clarify, you mean that attempting to search for a string containing a special character will erroneously interpret those characters as wildcards? (And thus find a superset of the expected results)

dhess commented 1 year ago

Yes, that’s a good point. In fact, to protect against SQL injection attacks, perhaps we should filter them out of the provided substring.
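The behaviour discussed in this thread, as an added example that is not part of the issue or of Primer's code: it uses Python's `sqlite3` module directly rather than Selda, and shows a substring search with and without an `ESCAPE` clause. The `sessions` table, its rows, and the helper names are constructed for illustration.

```python
import sqlite3

ESC = "\\"  # escape character chosen for this example (an assumption)


def escape_like(term: str, esc: str = ESC) -> str:
    """Escape LIKE metacharacters so that they match literally."""
    # The escape character itself must be doubled first; otherwise the
    # escapes added for % and _ would be escaped a second time.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sessions (name TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO sessions VALUES (?)",
        [("my_session",), ("my session",), ("mysession",),
         ("100% done",), ("100 done",), ("back\\slash",)],
    )
    return conn


def search_naive(conn: sqlite3.Connection, term: str) -> list[str]:
    """Substring search without ESCAPE: % and _ in term act as wildcards."""
    rows = conn.execute(
        "SELECT name FROM sessions WHERE name LIKE ? ORDER BY name",
        (f"%{term}%",),
    )
    return [r[0] for r in rows]


def search_escaped(conn: sqlite3.Connection, term: str) -> list[str]:
    """Substring search where % and _ in term match only themselves."""
    # SQLite string literals do not treat backslash specially, so the SQL
    # text '\' below is a one-character string.
    rows = conn.execute(
        "SELECT name FROM sessions WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (f"%{escape_like(term)}%",),
    )
    return [r[0] for r in rows]
```

In both functions the search term is passed as a bound parameter; only the pattern's wildcard handling differs.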