Your Question
In GORM documentation there is an example how to use LIKE conditions:
// LIKE
db.Where("name LIKE ?", "%jin%").Find(&users)
// SELECT * FROM users WHERE name LIKE '%jin%';
The problem that I have with this approach is that if jin is a user-input variable, it can contain wildcard symbols like %. How can I escape such wildcard symbols?
For me, these symbols must be used on the left side, like:
db.Where("name LIKE %?%", "jin").Find(&users)
OR
db.Where("name LIKE '%' || ? || '%'", "jin").Find(&users)
and the ORM should automatically escape the parameter, but this is not how it behaves.
What is the right solution?
The document you expected this should be explained
https://gorm.io/docs/query.html#String-Conditions
Expected answer
Probably some PostgreSQL function should be called to escape the input variable, or this should be done by GORM.
Comment From: li-jin-gou
refer to https://gorm.cn/docs/security.html
Comment From: pboguslawski
> refer to https://gorm.cn/docs/security.html
Didn't find a solution on the mentioned page for escaping % or _ in GORM-generated LIKE SQL queries. It should be clearly described in the GORM docs whether LIKE searching for strings containing a literal % or _ is possible, and how.
Related:
- https://www.w3schools.com/sql/sql_like.asp
- https://stackoverflow.com/questions/3683746/escaping-mysql-wild-cards
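An added example (not from this issue, the linked docs, or GORM's own code) showing the approach the question and the last comment are asking about: escape the user's input for `%`, `_` and the escape character itself, keep the `%` wildcards on the Go side of the pattern, and bind the complete pattern as a parameter together with an explicit `ESCAPE` clause. The names `EscapeLike`, `ContainsClause` and `LikeMatch` and the choice of `!` as escape character are mine; `LikeMatch` is a small pure-Go reference matcher included only so the effect of escaping can be checked offline, without a database (it is case-sensitive and knows nothing about collations). The `db.Where` call in the comment is the call shape from the GORM docs and is not executed here; the sample names are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// LikeEscape is the escape character declared in the ESCAPE clause. '!' is
// chosen here (an assumption, not a GORM default) because a backslash would
// itself need escaping inside some drivers' string literals.
const LikeEscape = '!'

// EscapeLike makes user input match literally inside a LIKE pattern by
// prefixing '%', '_' and the escape character itself with the escape character.
func EscapeLike(s string, esc rune) string {
	var b strings.Builder
	b.Grow(len(s) + 8)
	for _, r := range s {
		if r == '%' || r == '_' || r == esc {
			b.WriteRune(esc)
		}
		b.WriteRune(r)
	}
	return b.String()
}

// ContainsClause builds the condition and bound argument for a "contains"
// search: the wildcards are added in Go, the input is escaped, and the whole
// pattern is still a bind parameter, so injection protection is unchanged.
// column must come from code, never from the request. Usage with GORM
// (call shape assumed from the docs, not run here):
//   cond, args := ContainsClause("name", userInput)
//   db.Where(cond, args...).Find(&users)
func ContainsClause(column, userInput string) (string, []interface{}) {
	cond := fmt.Sprintf("%s LIKE ? ESCAPE '%c'", column, LikeEscape)
	return cond, []interface{}{"%" + EscapeLike(userInput, LikeEscape) + "%"}
}

// LikeMatch is a minimal reference implementation of LIKE ... ESCAPE, used
// here only to show the effect of escaping offline. It is case-sensitive and
// ignores collations, so treat it as an illustration, not as the database.
func LikeMatch(pattern string, esc rune, s string) bool {
	return likeMatch([]rune(pattern), []rune(s), esc)
}

func likeMatch(p, t []rune, esc rune) bool {
	for len(p) > 0 {
		switch {
		case p[0] == esc && len(p) > 1: // escaped character: match it literally
			if len(t) == 0 || t[0] != p[1] {
				return false
			}
			p, t = p[2:], t[1:]
		case p[0] == '%': // any run, including empty: try every split point
			for i := 0; i <= len(t); i++ {
				if likeMatch(p[1:], t[i:], esc) {
					return true
				}
			}
			return false
		case p[0] == '_': // exactly one character
			if len(t) == 0 {
				return false
			}
			p, t = p[1:], t[1:]
		default:
			if len(t) == 0 || t[0] != p[0] {
				return false
			}
			p, t = p[1:], t[1:]
		}
	}
	return len(t) == 0
}

func main() {
	// Constructed sample rows, standing in for the users table.
	names := []string{"jin", "robin", "50% off", "50 items", "a_b", "acb"}
	for _, input := range []string{"jin", "50%", "a_b"} {
		cond, args := ContainsClause("name", input)
		escaped := args[0].(string)
		naive := "%" + input + "%" // what the unescaped docs example builds
		fmt.Printf("input %q\n  clause: %s  arg: %q\n", input, cond, escaped)
		for _, n := range names {
			fmt.Printf("  %-10q escaped=%-5v naive=%v\n", n,
				LikeMatch(escaped, LikeEscape, n), LikeMatch(naive, LikeEscape, n))
		}
	}
}
```

The point the matcher makes visible: with the input `50%`, the naive pattern `%50%%` also matches `50 items`, while the escaped pattern `%50!%%` matches only rows containing a literal `50%`. Declaring `ESCAPE` explicitly is the portable choice; databases differ on whether a backslash is an escape by default, and a bare `\` inside a SQL string literal is itself interpreted by some drivers, which is why a non-backslash escape character is used above.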