Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

In a Rails WHERE LIKE query, what does the percent sign mean?

In a simple search like this:

find.where('name LIKE ?', "%#{search}%")

I understand that #{search} is just string interpolation. What do the % symbols do?

like image 519
Max Pekarsky Avatar asked Sep 17 '15 22:09

Max Pekarsky


People also ask

What is the percent sign used for in SQL?

The SQL LIKE Operator There are two wildcards often used in conjunction with the LIKE operator: The percent sign (%) represents zero, one, or multiple characters. The underscore sign (_) represents one, single character.

What does the percent sign mean in Ruby?

It is a string. In ruby, you can define strings in may ways. Single or double quotes are the most common, %s is another. You can also define strings with any delimiter, as used in this script. For example %^Is also a string^ , or %$Also a string$ .

What is SQL injection in rails?

SQL injection is when a user is able to manipulate a value which is used unsafely inside a SQL query. This can lead to data leaks, data loss, elevation of privilege, and other unpleasant outcomes. Brakeman focuses on ActiveRecord methods dealing with building SQL statements.


1 Answers

The percent sign % is a wildcard in SQL that matches zero or more characters. Thus, if search is "hello", it would match strings in the database such as "hello", "hello world", "well hello world", etc.

Note that this is a part of SQL and is not specific to Rails/ActiveRecord. The queries it can be used with, and the precise behavior of LIKE, differ based on SQL dialect (MySQL, PostgreSQL, etc.).

like image 140
eirikir Avatar answered Nov 07 '22 04:11

eirikir