how to use ilike securely?
ilike(table, sql`%${userQuery}%`) produces the wrong SQL code by adding quotes around the userQuery text. However, we can't use sql.raw as it would make this susceptible to SQL injection. How can we interpolate user-provided values for ilike? Thx
ilike(table, `%${query}%`) is not a valid SQL fragment => '%'queryText'%' instead of '%queryText%'