Usually I write my WHERE statements as WHERE key=@0
and then add a param. Now I would like the user to specify a few letters such as 'oat', and I would like to stick wildcards around it (%oat%),
which matches 'coating'. So how do I write the query so that wildcards are around the user input (the 'searchword')?
Now let's take it a step further. I would not like the user to write % so he cannot do blah%ing. Perhaps % is part of the sentence (or it could be flat out illegal, but I prefer it be part of the sentence). How do I put my wildcards around a word or sentence and disallow the user from putting the wildcard between his words? (And preferably make % part of the sentence.)
C# ado.net sql/sqlite
If you use prepared statements (i.e. SQLiteCommand, a subclass of DbCommand), this will be taken care of for you. E.g.:
using (SQLiteCommand myCommand = new SQLiteCommand("SELECT * FROM TABLE WHERE (COLUMN LIKE '%' || @input || '%')"))
{
    // The user's text is bound as a parameter; the wildcards are concatenated in SQL (SQLite concatenates with ||).
    myCommand.Parameters.AddWithValue("@input", input);
    // ...
}
See also this similar previous question.
Continue using a param, but add the wildcard in the param prior to binding.
C#:
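// Strip % and ? from the input, then wrap it in wildcards (needs using System.Text.RegularExpressions).
param = "%" + Regex.Replace(param, @"[%?]", String.Empty) + "%";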
SQL:
select * from ... where key like :param
RE: How do I put my wildcards around a word or sentence and disallow the user from putting the wildcard between his words? (and preferably make % part of the sentence)
I think you would need to Replace any % the user supplies with \\% and use LIKE @Expression ESCAPE '\'
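The escaping approach from the answers above, put together as an added example (not code from any of the posters): the user's text is escaped so that %, _ and the escape character itself match literally, the application adds the surrounding wildcards, and the result is still bound as a parameter. The table `items`, its column `name`, the helper `EscapeLike` and the sample rows are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SQLite; // System.Data.SQLite package, as used in the answers above

static class LikeSearch
{
    // Escape the escape character first, then the two LIKE wildcards (% and _),
    // so that everything the user typed is matched literally.
    public static string EscapeLike(string input) =>
        input.Replace(@"\", @"\\").Replace("%", @"\%").Replace("_", @"\_");

    public static List<string> Search(SQLiteConnection conn, string searchword)
    {
        var hits = new List<string>();
        // Only the application adds wildcards; the pattern is bound, never concatenated into the SQL text.
        const string sql = @"SELECT name FROM items WHERE name LIKE @pattern ESCAPE '\' ORDER BY name";
        using (var cmd = new SQLiteCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@pattern", "%" + EscapeLike(searchword) + "%");
            using (var reader = cmd.ExecuteReader())
                while (reader.Read()) hits.Add(reader.GetString(0));
        }
        return hits;
    }

    static void Main()
    {
        using (var conn = new SQLiteConnection("Data Source=:memory:"))
        {
            conn.Open();
            // Constructed sample rows (hypothetical table and data).
            using (var setup = new SQLiteCommand(
                "CREATE TABLE items(name TEXT);" +
                "INSERT INTO items VALUES ('coating'),('100% oats'),('blah testing'),('a_b'),('axb');", conn))
                setup.ExecuteNonQuery();

            // "blah%ing" and "a_b" are searched as literal text, not as patterns.
            foreach (var word in new[] { "oat", "blah%ing", "0%", "a_b" })
                Console.WriteLine($"{word} -> [{string.Join(", ", Search(conn, word))}]");
        }
    }
}
```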