Reputation: 111
So I've been looking around but I can't seem to find answer to a seemingly simple and probably commonly asked question. In SQLite, I have a query that I want to pass via user defined search text.
search = xChatMessageSplit[2]
c.execute("SELECT * FROM captured WHERE Nick=? AND Name LIKE '%search%'",(xChatNick,search))
Obviously the syntax or whatever is incorrect since I'm getting errors, but I want to basically allow users to define a search term for string, "search." How would I go about doing this? I tried using REGEXP but I can't seem to figure out how to define the function so I figured I'd just go with LIKE since it's already implemented into SQLite3
Upvotes: 2
Views: 3199
Reputation: 839254
You need to use ?
to show where the parameter's value will be used.
c.execute("""SELECT * FROM captured
WHERE Nick=?
AND Name LIKE ('%' || ? || '%')""", (xChatNick,search))
Upvotes: 6