Escape wildcards in typed SqlExpression when using StartsWith/EndsWith/Contains

Author: mythz

src/ServiceStack.OrmLite/Expressions/SqlExpression.cs

@@ -1305,16 +1305,20 @@ protected virtual object VisitColumnAccessMethod(MethodCallExpression m)
                     statement = string.Format("lower({0})", quotedColName);
                     break;
                 case "StartsWith":
-                    statement = string.Format("upper({0}) like {1} ",
-                        quotedColName, OrmLiteConfig.DialectProvider.GetQuotedValue(args[0].ToString().ToUpper() + "%"));
+                    statement = string.Format("upper({0}) like {1} escape '\\'",
+                        quotedColName, OrmLiteConfig.DialectProvider.GetQuotedValue(
+                            OrmLiteConfig.DialectProvider.EscapeWildcards(args[0].ToString()).ToUpper() + "%"));
                     break;
                 case "EndsWith":
-                    statement = string.Format("upper({0}) like {1}",
-                        quotedColName, OrmLiteConfig.DialectProvider.GetQuotedValue("%" + args[0].ToString().ToUpper()));
+                    statement = string.Format("upper({0}) like {1} escape '\\'",
+                        quotedColName, OrmLiteConfig.DialectProvider.GetQuotedValue("%" +
+                        OrmLiteConfig.DialectProvider.EscapeWildcards(args[0].ToString()).ToUpper()));
                     break;
                 case "Contains":
-                    statement = string.Format("upper({0}) like {1}",
-                        quotedColName, OrmLiteConfig.DialectProvider.GetQuotedValue("%" + args[0].ToString().ToUpper() + "%"));
+                    statement = string.Format("upper({0}) like {1} escape '\\'",
+                        quotedColName, OrmLiteConfig.DialectProvider.GetQuotedValue("%" +
+                            OrmLiteConfig.DialectProvider.EscapeWildcards(args[0].ToString()).ToUpper() 
+                            + "%"));
                     break;
                 case "Substring":
                     var startIndex = Int32.Parse(args[0].ToString()) + 1;

src/ServiceStack.OrmLite/IOrmLiteDialectProvider.cs

@@ -25,6 +25,8 @@ public interface IOrmLiteDialectProvider
 
         bool UseUnicode { get; set; }
 
+        string EscapeWildcards(string value);
+
         INamingStrategy NamingStrategy { get; set; }
 
         IStringSerializer StringSerializer { get; set; }

src/ServiceStack.OrmLite/OrmLiteDialectProviderBase.cs

@@ -1286,5 +1286,15 @@ public virtual string GetQuotedValue(object value, Type fieldType)
                     : value.ToString();
         }
 
+        public virtual string EscapeWildcards(string value)
+        {
+            if (value == null)
+                return null;
+
+            return value
+                .Replace(@"\", @"\\")
+                .Replace("_", @"\_")
+                .Replace("%", @"\%");
+        }
     }
 }

tests/ServiceStack.OrmLite.Tests/Expression/SelectExpressionTests.cs

@@ -59,7 +59,8 @@ public void Can_select_on_Dates()
                 };
 
                 var i = 0;
-                dates.Each(x => db.Insert(new Submission {
+                dates.Each(x => db.Insert(new Submission
+                {
                     Id = i++,
                     StoryDate = x,
                     Headline = "Headline" + i,
@@ -73,8 +74,8 @@ public void Can_select_on_Dates()
                     Is.EqualTo(3));
 
                 var storyDateTime = new DateTime(2014, 1, 1);
-                Assert.That(db.Select<Submission>(q => q.StoryDate > storyDateTime - new TimeSpan(1,0,0,0) &&
-                                                       q.StoryDate < storyDateTime + new TimeSpan(1,0,0,0)).Count,
+                Assert.That(db.Select<Submission>(q => q.StoryDate > storyDateTime - new TimeSpan(1, 0, 0, 0) &&
+                                                       q.StoryDate < storyDateTime + new TimeSpan(1, 0, 0, 0)).Count,
                     Is.EqualTo(3));
             }
         }
@@ -135,7 +136,35 @@ public void Can_select_Partial_SQL_Statements()
                     Is.EquivalentTo(new[] { "555-UNICORNS", "555-PLANES" }));
                 Assert.That(partialDto.Map(x => x.CompanyName),
                     Is.EquivalentTo(new[] { "Planes R Us", "We do everything!" }));
-            }            
+            }
+        }
+
+        [Test]
+        public void Can_escape_wildcards()
+        {
+            using (var db = OpenDbConnection())
+            {
+                db.DropAndCreateTable<Shipper>();
+
+                db.Insert(new Shipper { CompanyName = "a" });
+                db.Insert(new Shipper { CompanyName = "ab" });
+                db.Insert(new Shipper { CompanyName = "a_c" });
+                db.Insert(new Shipper { CompanyName = "a_cd" });
+                db.Insert(new Shipper { CompanyName = "abcd" });
+                db.Insert(new Shipper { CompanyName = "a%" });
+                db.Insert(new Shipper { CompanyName = "a%b" });
+                db.Insert(new Shipper { CompanyName = "a%bc" });
+                db.Insert(new Shipper { CompanyName = "a\\" });
+                db.Insert(new Shipper { CompanyName = "a\\b" });
+                db.Insert(new Shipper { CompanyName = "a\\bc" });
+
+                Assert.That(db.Count<Shipper>(q => q.CompanyName == "a_"), Is.EqualTo(0));
+                Assert.That(db.Count<Shipper>(q => q.CompanyName.StartsWith("a_")), Is.EqualTo(2));
+                Assert.That(db.Count<Shipper>(q => q.CompanyName.StartsWith("a%")), Is.EqualTo(3));
+                Assert.That(db.Count<Shipper>(q => q.CompanyName.StartsWith("a_c")), Is.EqualTo(2));
+                Assert.That(db.Count<Shipper>(q => q.CompanyName.StartsWith(@"a\")), Is.EqualTo(3));
+                Assert.That(db.Count<Shipper>(q => q.CompanyName.StartsWith(@"a\b")), Is.EqualTo(2));
+            }
         }
     }