Re: escaping % AND \%
- From: ngdvakigyotuia@xxxxxxxxx (Sven Miller)
- Date: Fri, 29 Jun 2007 16:09:44 -0400
Sounds like you want:
$esc = $dbh->get_info( 14 ); # SQL_SEARCH_PATTERN_ESCAPE
$user_input =~ s/([_%])/$esc$1/g;
$search_pattern = '%' . $user_input . '%';
$sth->execute( $search_pattern );
On 6/29/07, Bill Moseley <moseley@xxxxxxxx> wrote:
On Fri, Jun 29, 2007 at 04:01:25PM +0100, Raf wrote:.
> >But if $search_pattern is '\%' then you end up with '\\%'.
>
> If you have a user defined search pattern which is \%, then you can assume
> that user wanted to match against the '%' litteral, right? So \\% is what
> you'd want, isn't it?
No, I don't want to give the user access to the % or _. I'm using
'%' . $user_string . '%'
but I don't want $user_string to have any special characters. If
$user_string includes \ or % or _ I want them to be literal, without
special meaning.
--
Bill Moseley
moseley@xxxxxxxx
- References:
- escaping % AND \%
- From: Bill Moseley
- Re: escaping % AND \%
- From: Raf
- Re: escaping % AND \%
- From: Bill Moseley
- escaping % AND \%
- Prev by Date: RE: escaping % AND \%
- Next by Date: Re: next version of DBD::ODBC including available unicode patch?
- Previous by thread: RE: escaping % AND \%
- Index(es):
