SQL Injection vulnerability here! Instead do:

db(db.tableX.fieldY.contains(something[0])).select()

On Friday, 14 February 2014 16:46:50 UTC-6, NeoToren wrote:
>
> If you need it for running a SQL query using the LIKE operator...the 
> following worked for me:
>
> sqlstring = "SELECT * FROM tableX WHERE fieldY LIKE '%"+something[0]+"%'"
>
>
> On Wednesday, February 12, 2014 12:28:35 PM UTC-5, Alejandro Garza Gracia 
> wrote:
>>
>> Hello, I've looked through the documentation and the questions asked but 
>> I haven't been able to escape the '%' percent character in a string.
>>
>> I've tried using '\%' and '%%' in a label string, but none has worked so 
>> far.
>>
>> I'd appreciate the help.
>>
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
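
Added example, not part of the original thread and not web2py's own code: it contrasts the concatenated LIKE query from the quoted message with a bound-parameter query that also escapes the `%` and `_` wildcards. Python's standard `sqlite3` module stands in for the web2py DAL (an assumption), and the table rows and the hostile input are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; tableX/fieldY mirror the names used in the thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tableX (id INTEGER PRIMARY KEY, fieldY TEXT)")
    conn.executemany("INSERT INTO tableX (fieldY) VALUES (?)",
                     [("50% off",), ("half price",), ("internal note",)])
    return conn

def search_concat(conn, term):
    # Pattern from the quoted message: user input is spliced into the SQL text,
    # so a quote character in the input ends the literal and alters the query.
    sqlstring = ("SELECT fieldY FROM tableX WHERE fieldY LIKE '%"
                 + term + "%' ORDER BY id")
    return [row[0] for row in conn.execute(sqlstring)]

def escape_like(term, esc="\\"):
    # Escape the escape character first, then the LIKE wildcards % and _.
    return (term.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def search_bound(conn, term):
    # The input travels as a bound parameter and never becomes SQL syntax.
    pattern = "%" + escape_like(term) + "%"
    sql = "SELECT fieldY FROM tableX WHERE fieldY LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in conn.execute(sql, (pattern,))]

if __name__ == "__main__":
    conn = make_db()
    hostile = "zzz' OR '%'='"  # constructed input containing a quote
    print("concatenated:", search_concat(conn, hostile))  # every row comes back
    print("bound:       ", search_bound(conn, hostile))   # no rows
    print("literal %:   ", search_bound(conn, "%"))       # only the row with a %
```
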