Datastore SQL search crashes on LIKE statements with '%'

[amercader]

A query like this one, which uses the SQL filter "COMMONNAME" LIKE 'CAS%' returns a 500.

http://localhost:5000/api/action/datastore_search_sql?sql=SELECT%20*%20from%20%22e9841cd0-a8b9-4023-a56b-a2904edd8abb%22%20WHERE%20%22COMMONNAME%22%20LIKE%20'CAS%'

...
File '/home/adria/dev/pyenvs/ckan_datastore/src/ckan/ckanext/datastore/logic/action.py', line 287 in datastore_search_sql
  result = db.search_sql(context, data_dict)
File '/home/adria/dev/pyenvs/ckan_datastore/src/ckan/ckanext/datastore/db.py', line 1109 in search_sql
  try:
File '/home/adria/dev/pyenvs/ckan_datastore/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py', line 1449 in execute
  params)
File '/home/adria/dev/pyenvs/ckan_datastore/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py', line 1628 in _execute_text
  statement, parameters
File '/home/adria/dev/pyenvs/ckan_datastore/local/lib/python2.7/site-packages/sqlalchemy/engine/base.py', line 1691 in _execute_context
  context)
File '/home/adria/dev/pyenvs/ckan_datastore/local/lib/python2.7/site-packages/sqlalchemy/engine/default.py', line 331 in do_execute
  cursor.execute(statement, parameters)
TypeError: 'dict' object does not support indexing

[amercader]

@domoritz I've flagged this 2.1 but it is pretty bad. If the fix is easy might be worth considering for 2.0.

[domoritz]

Argg, yeah, I know what causes the problem. It's because % is the python character for string replacement. It's a one line fix and I think it can/should go into 2.0.

All other cases (as far as I know) where a % could be passed to the db (like column names) already have a fix for the %-issue.