Open dhess opened 1 year ago
To clarify, you mean that attempting to search for a string containing a special character will erroneously interpret those characters as wildcards? (And thus find a superset of the expected results)
Yes, that’s a good point. In fact, to protect against SQL injection attacks, perhaps we should filter them out of the provided substring.
SQL's `like` operator uses `%` and `_` as wildcards: https://www.sqlite.org/lang_expr.html#like
To search for strings that contain these characters, those occurrences must be `escape`d with an extra clause. Unfortunately, Selda doesn't support this.
Until we can resolve this somehow, SQLite database ops that use `like` will fail to find search strings that contain `%` and `_`.
(Note that Rel8 doesn't support `escape` clauses, either, but PostgreSQL uses `\` as the default escape character, which works fine for our purposes.)
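The SQLite behaviour discussed in this issue, as an added example that is not part of the original thread or the project's code: it uses Python's `sqlite3` module rather than Selda, and compares a bound `LIKE` pattern with and without an `ESCAPE` clause. The `items` table, the sample rows, the helper names and the choice of `\` as the escape character are assumptions made for the illustration.

```python
import sqlite3

ESC = "\\"  # assumed escape character; SQLite's LIKE has none unless ESCAPE is given

# Constructed sample data.
SAMPLE = ["100% done", "100 pct", "snake_case", "snakeXcase", "plain"]

def escape_like(term, esc=ESC):
    """Escape LIKE metacharacters so that `term` is matched literally."""
    # The escape character itself must be handled first, or the escapes
    # added for % and _ would be escaped a second time.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def make_db(names):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?)", [(n,) for n in names])
    return conn

def search_naive(conn, term):
    # The term is a bound parameter, so it cannot change the statement,
    # but any % or _ inside it is still interpreted as a wildcard.
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ORDER BY name",
        ("%" + term + "%",))
    return [r[0] for r in rows]

def search_literal(conn, term):
    # Same query with the term's metacharacters escaped and an ESCAPE clause.
    rows = conn.execute(
        "SELECT name FROM items WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        ("%" + escape_like(term) + "%",))
    return [r[0] for r in rows]

if __name__ == "__main__":
    conn = make_db(SAMPLE)
    for term in ("0%", "e_c"):
        print(repr(term), search_naive(conn, term), search_literal(conn, term))
```

Parameter binding and wildcard escaping solve different problems: binding keeps the term out of the SQL text, while the `ESCAPE` clause is what stops `%` and `_` in the term from widening the match.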