How do I escape a string in SQL Server's stored procedure so that it is safe to use in a LIKE expression?
Suppose I have an NVARCHAR variable like so:
declare @myString NVARCHAR(100);
And I want to use it in a LIKE expression:
... WHERE ... LIKE '%' + @myString + '%';
How do I escape the string (more specifically, characters that are meaningful to LIKE pattern matching, e.g. % or ?) in T-SQL, so that it is safe to use in this manner?
For example, given:
@myString = 'aa%bb'
I want:
WHERE ... LIKE '%' + @somehowEscapedMyString + '%'
to match 'aa%bb', 'caa%bbc' but not 'aaxbb' or 'caaxbb'.
This question is related to: sql-server, tsql, stored-procedures, sql-like
Do you want to look for strings that include an escape character? For instance you want this:
select * from table where myfield like '%10%%'.
Where you want to search for all fields with 10%? If that is the case then you may use the ESCAPE clause to specify an escape character and escape the wildcard character.
select * from table where myfield like '%10!%%' ESCAPE '!'
Rather than escaping all characters in a string that have particular significance in the pattern syntax, given that you are using a leading wildcard in the pattern, it is quicker and easier just to do:
SELECT *
FROM YourTable
WHERE CHARINDEX(@myString , YourColumn) > 0
In cases where you are not using a leading wildcard, the approach above should be avoided, however, as it cannot use an index on YourColumn.
Additionally, in cases where the optimum execution plan will vary according to the number of matching rows, the estimates may be better when using LIKE with the square bracket escaping syntax when compared to both CHARINDEX and the ESCAPE keyword.
You specify the escape character. Documentation here:
http://msdn.microsoft.com/en-us/library/ms179859.aspx
Had a similar problem (using NHibernate, so the ESCAPE keyword would have been very difficult) and solved it using the bracket characters. So your sample would become
WHERE ... LIKE '%aa[%]bb%'
If you need proof:
create table test (field nvarchar(100))
go
insert test values ('abcdef%hijklm')
insert test values ('abcdefghijklm')
go
select * from test where field like 'abcdef[%]hijklm'
go
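The ESCAPE clause and the bracket syntax from the answers above, applied to the question's @myString variable. This is an added example, not part of any original answer; the '!' escape character, the variable names @escaped and @bracketed, and the four sample rows are assumptions constructed here.

```sql
-- Added example; sample rows are constructed from the question's cases.
DECLARE @myString NVARCHAR(100) = N'aa%bb';

-- Variant 1: ESCAPE clause.
-- Double the escape character first, so a literal '!' in the input is not
-- later read as an escape prefix, then prefix each LIKE metacharacter
-- (%, _, [) with it. Worst case doubles the length, hence NVARCHAR(200).
DECLARE @escaped NVARCHAR(200) =
    REPLACE(REPLACE(REPLACE(REPLACE(@myString,
        N'!', N'!!'),
        N'%', N'!%'),
        N'_', N'!_'),
        N'[', N'![');

-- Variant 2: bracket escaping, for callers that cannot emit an ESCAPE clause.
-- '[' must be replaced first; otherwise the brackets introduced by the
-- '%' and '_' replacements would themselves be rewritten.
-- Worst case triples the length, hence NVARCHAR(300).
DECLARE @bracketed NVARCHAR(300) =
    REPLACE(REPLACE(REPLACE(@myString,
        N'[', N'[[]'),
        N'%', N'[%]'),
        N'_', N'[_]');

-- Compare both variants against rows that should and should not match.
SELECT v.val,
       CASE WHEN v.val LIKE N'%' + @escaped + N'%' ESCAPE N'!'
            THEN 1 ELSE 0 END AS match_escape,
       CASE WHEN v.val LIKE N'%' + @bracketed + N'%'
            THEN 1 ELSE 0 END AS match_bracket
FROM (VALUES (N'aa%bb'), (N'caa%bbc'), (N'aaxbb'), (N'caaxbb')) AS v(val);
```

Escaping only neutralises LIKE metacharacters; @myString should still reach the procedure as a parameter rather than being concatenated into dynamic SQL.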
Alternative escaping syntax:
The JDBC driver supports the {escape 'escape character'} syntax for using LIKE clause wildcards as literals.
SELECT *
FROM tab
WHERE col LIKE 'a\_c' {escape '\'};
Source: Stackoverflow.com