1

I am trying to search in my mysql database with LIKE statement :

indexstr = request.GET['index']
indexstr = '%' + indexstr + '%'
offset = int(request.GET['offset'])
for row_data in advertisement.objects.raw(
        'select * from requests_advertisement WHERE short_description LIKE '    + indexstr + ' LIMIT 10 OFFSET ' + str(offset*5)):

But it has this error: Error Image

It seems that it cannot work with % character. When I remove % it works correctly.

Improve this question
2
  • 1
    The code executing and "working correctly" are two different things. Don't use string concatenation to build your queries, it's an SQL injection risk. Commented Mar 10, 2019 at 14:06
  • I don't know the exact setups here, but something like cursor.execute("""select * from requests_advertisement WHERE short_description LIKE %s""", ('%' + indexstr + '%',)) Commented Mar 10, 2019 at 14:08

1 Answer 1

Reset to default
1

There's no reason to use a raw query here. You need the __icontains lookup:

advertisement.objects.filter(short_description__icontains=request.GET["index"])
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks a lot,it worked ;-), does it have a same performance and speed as a query with like statement.and what about "match() against() query" ?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.