Incorrect use of 'LIKE' (IncorrectUseLikeInQuery)

Description

When the LIKE operator is used in query text, its template may be only:

  • constant string literals
  • query parameters

It is forbidden to build the template string through calculations or through string concatenation in the query language.

Queries in which the control characters of the LIKE template come from query fields or calculated expressions are interpreted differently on different DBMSs.

Examples

String concatenation using query language features

Allowed:

Field LIKE "123%"

Not allowed:

Field LIKE "123" + "%"
Field LIKE Table.Template

LIKE template control characters are found in query fields or in calculated expressions

For example, instead of:

// Not allowed: the control character "_" is appended to the template inside the query text.
Query = New Query("
|SELECT
|    Goods.Ref
|FROM
|    Catalog.Goods AS Goods
|WHERE
|    Goods.Country.Description LIKE &NameTemplate + ""_""
|");

Query.SetParameter("NameTemplate", "FU");

It is necessary to use:

// Allowed: the complete template, control character included, is passed as a query parameter.
Query = New Query("
|SELECT
|    Goods.Ref
|FROM
|    Catalog.Goods AS Goods
|WHERE
|    Goods.Country.Description LIKE &NameTemplate
|");

Query.SetParameter("NameTemplate", "FU_");
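
The same rule applied when the search text comes from user input, as an added example that is not part of the original diagnostic description or the project's code. The whole template is built in BSL code and passed as a parameter, and control characters in the entered text are escaped so they match literally. The function names, the `~` escape character and the use of the query language's `ESCAPE` clause are assumptions of this example.

```bsl
// Added example; EscapeLikeText and FindGoodsByCountryPrefix are hypothetical names.

// Escapes LIKE template control characters in arbitrary text
// so that the text is matched literally.
Function EscapeLikeText(Val Text, Val EscapeChar = "~")
    // Escape the escape character itself first, otherwise the
    // replacements below would be escaped a second time.
    Result = StrReplace(Text, EscapeChar, EscapeChar + EscapeChar);
    // Assumed set of control characters: % _ [ ] ^
    For Each ControlChar In StrSplit("%,_,[,],^", ",") Do
        Result = StrReplace(Result, ControlChar, EscapeChar + ControlChar);
    EndDo;
    Return Result;
EndFunction

// Returns goods whose country description starts with the entered text.
Function FindGoodsByCountryPrefix(Val UserText) Export
    // The query text contains only a parameter and a constant literal
    // next to LIKE; nothing is concatenated inside the query.
    Query = New Query("
    |SELECT
    |    Goods.Ref
    |FROM
    |    Catalog.Goods AS Goods
    |WHERE
    |    Goods.Country.Description LIKE &NameTemplate ESCAPE ""~""
    |");
    // The trailing % is the only control character left active,
    // and it is appended in code, not in the query language.
    Query.SetParameter("NameTemplate", EscapeLikeText(UserText) + "%");
    Return Query.Execute().Unload();
EndFunction
```

With this helper, input such as `FU_` is sent as the template `FU~_%`, so the underscore matches only a literal underscore.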

Sources