Escaping MySQL Wildcards: Clarifying Misconceptions
MySQL utilizes specific characters as wildcards to facilitate pattern matching in queries. However, in certain contexts, it's crucial to understand the subtleties of escaping these wildcards to ensure accurate and consistent SQL statements.
Escaping % and _ for String Literals
Contrary to the initial assumption, escaping the MySQL wildcards % and _ using addcslashes is unnecessary when assigning them to regular string literals. The mysql_real_escape_string function is adequate for this purpose.
The Nuance of Escaping in LIKE Expressions
When preparing strings for LIKE statements, a more nuanced approach is required. In a LIKE expression, both % and _ become special characters, along with the escape character itself. To avoid misinterpretation, it's essential to perform two levels of escaping:
Addressing the Apparent Inconsistencies
The reason why the asterisk (", '') appears unescaped when returned from the database is that MySQL automatically screens out the s. This is a deviation from ANSI SQL, which states that characters other than % and _ should not be escaped.
Portability Considerations for LIKE Escaping
To ensure portability across databases, it's advisable to specify an alternative escape character using the LIKE ... ESCAPE ... construct. This overrides the default behavior and eliminates the reliance on MySQL's deviation from ANSI SQL.
The above is the detailed content of How to Properly Escape MySQL Wildcards: When and Why?. For more information, please follow other related articles on the PHP Chinese website!