35

I have an SQL query as below.

Select * from table where name like '%' + search_criteria + '%' 

If search_criteria = 'abc', it will return data containing xxxabcxxxx which is fine.

But if my search_criteria = 'abc%', it will still return data containing xxxabcxxx, which should not be the case.

How do I handle this situation?

  • 1
    then why add your own %? – Randy May 29 '12 at 16:58
  • how to do it depends on your engine, but obviously you have to escape your own % – Sebas May 29 '12 at 17:00
  • what programming language are you using? – Jeshurun May 29 '12 at 17:01
  • Use the MATCH instead of LIKE. – Hitendra Joshi Mar 9 '17 at 9:50
29
0

If you want a % symbol in search_criteria to be treated as a literal character rather than as a wildcard, escape it to [%]

... where name like '%' + replace(search_criteria, '%', '[%]') + '%'
  • 1
    thank you, gives column with % sign select * from tablename where Column like '%[%]%' – shaijut Mar 18 '15 at 11:42
13
0

Use an escape clause:

select *
  from (select '123abc456' AS result from dual
        union all
        select '123abc%456' AS result from dual
       )
 WHERE result LIKE '%abc\%%' escape '\'

Result

123abc%456

You can set your escape character to whatever you want. In this case, the default '\'. The escaped '\%' becomes a literal, the second '%' is not escaped, so again wild card.

See List of special characters for SQL LIKE clause

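The escape-clause approach above, combined with a bound parameter, as an added example that is not part of any answer on this page. It assumes Python's built-in sqlite3 as a stand-in engine and a constructed `people` table; `escape_like` and `search` are hypothetical helper names. On SQL Server the same `ESCAPE` clause works, but `[` is also a pattern metacharacter there and would need escaping too.

```python
import sqlite3

ESC = "\\"  # escape character named in the ESCAPE clause below (assumed choice)


def escape_like(term: str, esc: str = ESC) -> str:
    """Make every LIKE metacharacter in `term` match literally."""
    # Escape the escape character first; otherwise the backslashes added
    # for % and _ in the loop below would themselves get doubled.
    out = term.replace(esc, esc + esc)
    for ch in ("%", "_"):  # SQL Server would also need "[" here
        out = out.replace(ch, esc + ch)
    return out


def search(conn, term):
    """Substring search on people.name; `term` is bound as data, never SQL text."""
    pattern = "%" + escape_like(term) + "%"  # only these two % act as wildcards
    rows = conn.execute(
        "SELECT name FROM people WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (pattern,),
    )
    return [r[0] for r in rows]


def demo_db():
    """Constructed sample table (not data from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    conn.executemany(
        "INSERT INTO people VALUES (?)",
        [("xxxabcxxx",), ("xxxabc%xxx",), ("a_c",), ("abc",), ("x\\y",)],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    # The last term is a quote-bearing string: it is matched literally.
    for term in ("abc", "abc%", "a_c", "\\", "' OR 1=1 --"):
        print(repr(term), "->", search(db, term))
```
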
12
0

The easiest solution is to dispense with "like" altogether:

Select * from table
where charindex(search_criteria, name) > 0

I prefer charindex over like. Historically, it had better performance, but I'm not sure if it makes much of a difference now.

  • 1
    I really like this answer, as it is clearly not vulnerable to SQL Injection, as you've avoided the string concatenation. – StuartQ Sep 23 '13 at 13:02
  • 1
    check out sql-server-performance for a v short comparison. Note that using like 'findme%' can still use an index if it exists. – Scotty.NET Sep 26 '13 at 10:18
5
0

To escape a character in sql you can use !:


EXAMPLE - USING ESCAPE CHARACTERS

It is important to understand how to "Escape Characters" when pattern matching. These examples deal specifically with escaping characters in Oracle.

Let's say you wanted to search for a % or a _ character in the SQL LIKE condition. You can do this using an Escape character.

Please note that you can only define an escape character as a single character (length of 1).

For example:

SELECT *
FROM suppliers
WHERE supplier_name LIKE '!%' escape '!';

This SQL LIKE condition example identifies the ! character as an escape character. This statement will return all suppliers whose name is %.

Here is another more complicated example using escape characters in the SQL LIKE condition.

SELECT *
FROM suppliers
WHERE supplier_name LIKE 'H%!%' escape '!';

This SQL LIKE condition example returns all suppliers whose name starts with H and ends in %. For example, it would return a value such as 'Hello%'.

You can also use the escape character with the _ character in the SQL LIKE condition.

For example:

SELECT *
FROM suppliers
WHERE supplier_name LIKE 'H%!_' escape '!';

This SQL LIKE condition example returns all suppliers whose name starts with H and ends in _ . For example, it would return a value such as 'Hello_'.


Reference: sql/like

2
0
Select * from table where name like search_criteria

if you are expecting the user to add their own wildcards...

2
0

You need to escape it: on many databases this is done by preceding it with backslash, \%.

So abc becomes abc\%.

Your programming language will have a database-specific function to do this for you. For example, PHP has mysql_escape_string() for the MySQL database.

0
0

Escape the percent sign \% to make it part of your comparison value.

  • This only works if you use the ESCAPE option of the LIKE operator. There is no default escape character (in SQL Server, anyway). – David R Tribble Oct 28 '15 at 16:20
0
0

Maybe this one helps :)

DECLARE @SearchCriteria VARCHAR(25)
SET  @SearchCriteria = 'employee'
IF CHARINDEX('%', @SearchCriteria) = 0
BEGIN
    SET @SearchCriteria = '%' + @SearchCriteria + '%'
END
SELECT * FROM Employee
WHERE Name LIKE @SearchCriteria