-
|
I need a some sort of query like this: `SELECT * FROM my_table WHERE name LIKE '%${ userInput }%'`If I will use a ? placeholder and pass a second param to the query with a userInput then the generated sql will be broken `SELECT * FROM my_table WHERE name LIKE '%'Mike'%'`Is it possible to escape a user input for a LIKE operator with a built in mysql2 tools? |
Beta Was this translation helpful? Give feedback.
Answered by
muturgan
Jan 18, 2022
Replies: 2 comments 1 reply
This comment has been hidden.
This comment has been hidden.
-
|
As I can see a user input is still unsafe |
Beta Was this translation helpful? Give feedback.
-
|
I like an answer from SO - using position instead of like: |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
muturgan
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I like an answer from SO - using position instead of like: