<div dir="ltr">Glad to help!<div><br></div><div>Personally, it looks like a weird implementation issue. % and _ are clearly constructs in SQLite (and SQL in general), so the parsing should be able to handle wildcards near the substitution character, but it apparently can't. </div><div><br></div><div>The sheer number of people asking that question on Stack Overflow makes me feel like it's something that should be considered a bug, but it's apparently been that way for a while, so I doubt that's gonna change.</div><div><br></div><div>Good luck with Flask!</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Anthony Ford,<br>KF5IBN,<div><a href="mailto:ford.anthonyj@gmail.com" target="_blank">ford.anthonyj@gmail.com</a></div></div></div></div>

<br><div class="gmail_quote">On Tue, Jan 10, 2017 at 12:10 PM, Tom via Flask <span dir="ltr"><<a href="mailto:flask@python.org" target="_blank">flask@python.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  <div bgcolor="#FFFFFF" text="#000000">

    <div class="m_-5830639413351154707moz-cite-prefix">Thanks Anthony! A good 'Doh' moment

      there. Spent so much time trying to get the parameter substitution

      bent to my will it looks like I was even trying to throw 'C' at it

      in the end!<span class="HOEnZb"><font color="#888888"><br>

      Tom</font></span><div><div class="h5"><br>

      On 10/01/17 16:30, Anthony Ford wrote:<br>

    </div></div></div><div><div class="h5">

    <blockquote type="cite">

      <div dir="ltr">I think the issue is it's not seeing the % as the

        wildcard. If you add the wildcard chars to the search string

        before you supply it to execute, it works.

        <div><br>

        </div>

        <div>There's a few Stack Overflow questions on this same topic: <a href="http://stackoverflow.com/questions/3105249/python-sqlite-parameter-substitution-with-wildcards-in-like" target="_blank"></a><a class="m_-5830639413351154707moz-txt-link-freetext" href="http://stackoverflow.com/questions/3105249/python-sqlite-parameter-substitution-with-wildcards-in-like" target="_blank">http://stackoverflow.<wbr>com/questions/3105249/python-<wbr>sqlite-parameter-substitution-<wbr>with-wildcards-in-like</a></div>

        <div><br>

        </div>

        <div>Try:</div>

        <div>

          <blockquote style="margin:0 0 0 40px;border:none;padding:0px">

            <div><font face="monospace, monospace">searchstring = </font><span style="font-family:monospace,monospace">'%'+request.form['searchstr'<wbr>]+'%'</span></div>

          </blockquote>

          <blockquote style="margin:0 0 0 40px;border:none;padding:0px">

            <div><font face="monospace, monospace">cur =

                g.db.execute('select * from entries where description

                like (?) order by id desc',(searchstring,))</font></div>

            <div><font face="monospace, monospace"><br>

              </font></div>

          </blockquote>

          <font face="arial, helvetica, sans-serif">The only change is

            adding the '%' surrounding your search string.</font></div>

        <div><font face="arial, helvetica, sans-serif"><br>

          </font></div>

      </div>

      <div class="gmail_extra"><br clear="all">

        <div>

          <div class="m_-5830639413351154707gmail_signature" data-smartmail="gmail_signature">

            <div dir="ltr">Anthony Ford,<br>

              KF5IBN,

              <div><a href="mailto:ford.anthonyj@gmail.com" target="_blank">ford.anthonyj@gmail.com</a></div>

            </div>

          </div>

        </div>

        <br>

        <div class="gmail_quote">On Tue, Jan 10, 2017 at 5:37 AM, Tom

          via Flask <span dir="ltr"><<a href="mailto:flask@python.org" target="_blank">flask@python.org</a>></span>

          wrote:<br>

          <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I'm trying

            to modify the flaskr tutorial to make a full blown wiki

            using ckeditor and its mostly working ok - bar the search.<br>

            There is a field 'description' which is meant to contain

            words and phrases for searching.<br>

            I wish to search a text field in the database but cannot get

            anything other than the following to parse:<br>

            <br>

                searchstring=request.form['sea<wbr>rchstr'];<br>

                cur = g.db.execute('select * from entries where

            description like (?) order by id desc',(searchstring,))<br>

            <br>

            any attempts to add %'s etc seem lead to failure. I can

            build the sql string myself but would like to make it safe.<br>

            Any ideas how to do this?<br>

            Tom<br>

            ______________________________<wbr>_________________<br>

            Flask mailing list<br>

            <a href="mailto:Flask@python.org" target="_blank">Flask@python.org</a><br>

            <a href="https://mail.python.org/mailman/listinfo/flask" rel="noreferrer" target="_blank">https://mail.python.org/mailma<wbr>n/listinfo/flask</a><br>

          </blockquote>

        </div>

        <br>

      </div>

    </blockquote>

    <p><br>

    </p>

  </div></div></div>

<br>______________________________<wbr>_________________<br>

Flask mailing list<br>

<a href="mailto:Flask@python.org">Flask@python.org</a><br>

<a href="https://mail.python.org/mailman/listinfo/flask" rel="noreferrer" target="_blank">https://mail.python.org/<wbr>mailman/listinfo/flask</a><br>

<br></blockquote></div><br></div>