Mike Flynn

Reputation: 24325

MySQL and LIKE comparison with %

If someone passes a '%' to a field that compares in my sql with su.username LIKE CONCAT('%', email ,'%')) it returns all rows. It ends up looking like su.username LIKE CONCAT('%%%'). Can I get around this in any way without filtering out the '%'?

Upvotes: 1

Views: 121

Answers (2)

stan

Reputation: 4995

You need to escape the %, so it literally matches '%'

select * from mytable
where mycol like '%\%%';

Upvotes: 0

Niet the Dark Absol

Reputation: 324630

I'm assuming you mean you want to escape the % so it matches a literal % instead of anything.

In that case, you just need:

... su.username LIKE CONCAT('%',REPLACE(email,'%','\\%'),'%')

Upvotes: 3
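
The following is an added example, not part of either answer above. It goes one step beyond the answers: besides `%` it also neutralises `_` (the single-character LIKE wildcard) and the escape character itself, and it names the escape character explicitly with `ESCAPE` so the result does not depend on how backslashes are handled in string literals. The table name `site_users`, the user variable `@email` standing in for the `email` parameter, and the sample rows are assumptions made for the illustration.

```sql
-- Constructed sample data; the table name site_users is hypothetical.
CREATE TEMPORARY TABLE site_users (username VARCHAR(64) NOT NULL);
INSERT INTO site_users (username) VALUES
  ('alice@example.com'),
  ('bob_smith@example.com'),
  ('bobXsmith@example.com'),
  ('100%real@example.com');

-- 1) The behaviour from the question: the input is used as a pattern,
--    so a lone '%' turns the pattern into '%%%'.
SET @email = '%';
SELECT su.username
FROM site_users su
WHERE su.username LIKE CONCAT('%', @email, '%');

-- 2) Same input, treated as literal text. The escape character '|' is
--    doubled first, then '%' and '_' are prefixed with it. The order
--    matters: escaping '|' last would re-escape the '|' just added.
SELECT su.username
FROM site_users su
WHERE su.username LIKE CONCAT(
        '%',
        REPLACE(REPLACE(REPLACE(@email, '|', '||'), '%', '|%'), '_', '|_'),
        '%') ESCAPE '|';

-- 3) Why '_' needs the same treatment: unescaped, it matches any single
--    character, so 'bob_smith' would also match 'bobXsmith'.
SET @email = 'bob_smith';
SELECT su.username
FROM site_users su
WHERE su.username LIKE CONCAT(
        '%',
        REPLACE(REPLACE(REPLACE(@email, '|', '||'), '%', '|%'), '_', '|_'),
        '%') ESCAPE '|';

-- 4) For a plain "contains" test no pattern is needed at all:
--    INSTR() does a substring search and has no wildcards to escape.
SELECT su.username
FROM site_users su
WHERE INSTR(su.username, @email) > 0;
```

Escaping the wildcards only controls how the value is matched; the value itself should still reach the query as a bound parameter rather than being concatenated into the SQL text.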
