Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
StringExpression.contains(): No escaping done for MS-SQL-server #630
When using StringExpression.contains() like this in combination with MS-SQL-server:
then searchString won't get escaped correctly for the generated SQL-query when using MS-SQL-server. E.g. setting the searchString to "[C-P]arsen", results in finding author names like "Jon Larsen", "Jeff Karsen" or "Todd Karsenson" and so on (see http://msdn.microsoft.com/en-us/library/aa933232(SQL.80).aspx ).
However to my understanding StringExpression.contains() should escape all wildcard characters (like [ in MS-SQL server) from the input string.
We could bypass this by using StringExpression.like(String str, char escape) instead of StringExpression.contains(). We specified \ as escape character and escaped the wildcards of the input string before and attached % at the begin and end of the string. E.g. we used
So only authors like "Jon [C-P]arsen" or "Todd [C-P]arsenson" are returned (yes, probably not the best real-world example ;-)).
QueryDSL version: 3.3.0