utils.py
python
sha256:0997d6250ae6476362f6fe2025af7789f46d03df3e9f34356d5e8ee79b201923
fix(issues): use issue number as pagination cursor, not cre…
Sonnet 4.6
patch
8 days ago
```python
"""Database query utilities."""

def escape_like(s: str) -> str:
    """Escape SQL LIKE metacharacters in a user-supplied string.

    Use this before embedding user input as a *literal substring* inside a
    LIKE / ILIKE pattern. Always pair with ``escape="\\\\"`` on the ORM call::

        column.ilike(f"%{escape_like(q)}%", escape="\\\\")
        column.contains(escape_like(q), escape="\\\\")

    Without escaping, a user can supply ``%`` (matches everything) or ``_``
    (matches any single character), turning a substring search into a wildcard
    query. Escaping makes those characters literal.

    The backslash is escaped first to avoid double-escaping.
    """
    return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
```
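The docstring's claim, checked against an in-memory SQLite table. This is an added example, not part of the project's code: the `search` function, the `issues` table and the sample titles are constructed for illustration, and raw SQL with `ESCAPE '\'` stands in for the ORM's `escape=` argument.

```python
import sqlite3


def escape_like(s: str) -> str:
    # Same logic as the page's helper, repeated so this block runs on its own.
    return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


# Constructed sample rows, not data from the project.
TITLES = [
    "100% CPU in worker",
    "rename user_id column",
    "userXid typo",
    r"path C:\temp lost",
    "unrelated",
]


def search(query: str, escaped: bool) -> list[str]:
    """Substring search over TITLES; `escaped` switches the defence on or off."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE issues (title TEXT)")
    conn.executemany("INSERT INTO issues VALUES (?)", [(t,) for t in TITLES])
    if escaped:
        # The ESCAPE clause tells the engine that backslash introduces a literal.
        sql = "SELECT title FROM issues WHERE title LIKE ? ESCAPE '\\' ORDER BY rowid"
        pattern = f"%{escape_like(query)}%"
    else:
        # Parameter binding alone stops SQL injection, but the bound value is
        # still interpreted as a LIKE pattern, so % and _ act as wildcards.
        sql = "SELECT title FROM issues WHERE title LIKE ? ORDER BY rowid"
        pattern = f"%{query}%"
    rows = [row[0] for row in conn.execute(sql, (pattern,))]
    conn.close()
    return rows


if __name__ == "__main__":
    for q in ["%", "user_id", "C:\\temp"]:
        print(repr(q), "raw:", search(q, escaped=False))
        print(repr(q), "escaped:", search(q, escaped=True))
```
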
File History
1 commit