No Escaping for LIKE Patterns from Runtime Variables #43

@richardwooding

Summary

Non-literal LIKE patterns from variables aren't escaped, causing incorrect matching.

Location

cel2sql.go:291-297, 333-338

Issue

// For non-literal patterns
con.str.WriteString(" || '%'")  // Variable may contain % or _

Impact

Medium - Incorrect pattern matching when variables contain wildcards.

Recommendation

Either:

  1. Use REPLACE() to escape at runtime
  2. Document limitation
  3. Return error for non-literal patterns

Labels

  - category::correctness: SQL correctness and PostgreSQL compatibility
  - severity::medium: Moderate issues affecting quality or usability
