Escape like pattern % and _ so that search containing these chars work like expected

jbtronics · jbtronics · commit 5dbe4ba00b65 · 2025-10-19T00:00:03.000+02:00
This fixes issue #1075
diff --git a/src/DataTables/Filters/Constraints/TextConstraint.php b/src/DataTables/Filters/Constraints/TextConstraint.php
@@ -96,14 +96,15 @@ public function apply(QueryBuilder $queryBuilder): void
 
         //The CONTAINS, LIKE, STARTS and ENDS operators use the LIKE operator, but we have to build the value string differently
         $like_value = null;
+        $escaped_value = str_replace(['%', '_'], ['\%', '\_'], $this->value);
         if ($this->operator === 'LIKE') {
-            $like_value = $this->value;
+            $like_value = $this->value; //Here we do not escape anything, as the user may provide % and _ wildcards
         } elseif ($this->operator === 'STARTS') {
-            $like_value = $this->value . '%';
+            $like_value = $escaped_value . '%';
         } elseif ($this->operator === 'ENDS') {
-            $like_value = '%' . $this->value;
+            $like_value = '%' . $escaped_value;
         } elseif ($this->operator === 'CONTAINS') {
-            $like_value = '%' . $this->value . '%';
+            $like_value = '%' . $escaped_value . '%';
         }
 
         if ($like_value !== null) {
diff --git a/src/DataTables/Filters/PartSearchFilter.php b/src/DataTables/Filters/PartSearchFilter.php
@@ -144,6 +144,8 @@ public function apply(QueryBuilder $queryBuilder): void
         if ($this->regex) {
             $queryBuilder->setParameter('search_query', $this->keyword);
         } else {
+            //Escape % and _ characters in the keyword
+            $this->keyword = str_replace(['%', '_'], ['\%', '\_'], $this->keyword);
             $queryBuilder->setParameter('search_query', '%' . $this->keyword . '%');
         }
     }
diff --git a/src/Doctrine/Functions/ILike.php b/src/Doctrine/Functions/ILike.php
@@ -56,7 +56,6 @@ public function getSql(SqlWalker $sqlWalker): string
     {
         $platform = $sqlWalker->getConnection()->getDatabasePlatform();
 
-        //
         if ($platform instanceof AbstractMySQLPlatform || $platform instanceof SQLitePlatform) {
             $operator = 'LIKE';
         } elseif ($platform instanceof PostgreSQLPlatform) {
@@ -66,6 +65,12 @@ public function getSql(SqlWalker $sqlWalker): string
             throw new \RuntimeException('Platform ' . gettype($platform) . ' does not support case insensitive like expressions.');
         }
 
-        return '(' . $this->value->dispatch($sqlWalker) . ' ' . $operator . ' ' . $this->expr->dispatch($sqlWalker) . ')';
+        $escape = "";
+        if ($platform instanceof SQLitePlatform) {
+            //SQLite needs ESCAPE explicitly defined backslash as escape character
+            $escape = " ESCAPE '\\'";
+        }
+
+        return '(' . $this->value->dispatch($sqlWalker) . ' ' . $operator . ' ' . $this->expr->dispatch($sqlWalker) . $escape . ')';
     }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -144,6 +144,8 @@ public function apply(QueryBuilder $queryBuilder): void`
`144`	`144`	`if ($this->regex) {`
`145`	`145`	`$queryBuilder->setParameter('search_query', $this->keyword);`
`146`	`146`	`} else {`
	`147`	`+ //Escape % and _ characters in the keyword`
	`148`	`+ $this->keyword = str_replace(['%', '_'], ['\%', '\_'], $this->keyword);`
`147`	`149`	`$queryBuilder->setParameter('search_query', '%' . $this->keyword . '%');`
`148`	`150`	`}`
`149`	`151`	`}`