Expose a SQL.escape() function?
dmalan opened this issue · 1 comments
dmalan commented
To solve, e.g.:
likes = []
for keyword in keywords:
likes.append("name LIKE " + str(db._escape("%" + keyword +"%")))
ors = " OR ".join(likes)
catalog = db.execute(f"SELECT * FROM catalog WHERE overall_eval >= ? AND workload_eval <= ? AND ({ors})", rating, workload)
kzidane commented
There should be no need. You could join LIKE ?s and pass wildcard values as arguments.
db.execute('SELECT * FROM bar WHERE baz LIKE ? or baz LIKE ?', '%bar', 'qu%')