[Zope] Something funny about SQL like?

Hannu Krosing hannu@trust.ee
Tue, 03 Aug 1999 14:30:17 +0300


Martijn Pieters wrote:
> 
> At 23:50 02/08/99 , Donald Holten wrote:
> >         Well, I've tried escaping the '%', single quotes instead of
> > double quotes, sqlvar instead of var, and
> >none of those have worked.  Here's the code again:
> >
> >select *
> >   from Users
> >   where <!--#var searchkey--> like "%<!--#var valuekey-->%"
> >order by <!--#var searchkey-->

...

> >SQL used:
> >
> >select *
> >   from Users
> >   where firstname like "%Donald%"
> >order by firstname
> >
> >         Like I said, it looks to me like the SQL it's trying to use is
> > fine.

In SQL _double_ quotes are used for escaping column names that are case
sensitive 
or contain non-alpha characters. For strings you should use single
quotes, so:

select *
   from Users
   where firstname like '%Donald%'
order by firstname

Should do what you want

---------
Hannu