[Zope] MySQL LIKE operator

Aaron Williamson aaronw@c.ict.om.org
Wed, 12 Jul 2000 16:02:55 +0100


Hello,

    I'm writing a search query to a MySQL database.  I want to keep
people from screwing around with my database by running searches like ";
delete from ... yada yada.  So I should use <dtml-sqlvar>, right?  But
what if I want to use LIKE?
  If I say:  WHERE goo LIKE "%<dtml-sqlvar name=bar type=string>%"  then
effectively I am saying: WHERE goo LIKE "%'somestring'%".  In other
words, it will match only the string with the single quotes.  I hope
this makes sense.  Has anyone faced a similar problem?
  Thanks for any help

--Aaron
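
An added example, not part of the original post: the usual fix for the quoting problem described above is to put the `%` wildcards inside the value that gets quoted or bound, rather than around the quoted result in the SQL text. The sketch below uses Python's `sqlite3` as an offline stand-in for MySQL; the table name `things`, the sample rows and the helper names are assumptions, and only the column `goo` comes from the post.

```python
import sqlite3

def like_pattern(term, escape="\\"):
    """Escape LIKE metacharacters in user input, then add the % wildcards."""
    # Escape the escape character first, so later replacements are not doubled.
    for ch in (escape, "%", "_"):
        term = term.replace(ch, escape + ch)
    return "%" + term + "%"

def search(conn, term):
    # The wildcards are part of the bound value, so the driver treats the
    # whole pattern as one string and no user text reaches the SQL grammar.
    sql = "SELECT goo FROM things WHERE goo LIKE ? ESCAPE '\\' ORDER BY goo"
    return [row[0] for row in conn.execute(sql, (like_pattern(term),))]

def make_db():
    # Constructed sample data for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE things (goo TEXT)")
    rows = ["foobar", "bar'baz", "100% wool", "1000 wool", "plain"]
    conn.executemany("INSERT INTO things VALUES (?)", [(r,) for r in rows])
    return conn

if __name__ == "__main__":
    db = make_db()
    for term in ["bar", "'", "0% w", '"; delete from things; --']:
        print(repr(term), "->", search(db, term))
    print("rows left:", db.execute("SELECT COUNT(*) FROM things").fetchone()[0])
```

Escaping `%` and `_` in the search term keeps a user from widening the match with their own wildcards; it is separate from the quoting that stops injection.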