doctrine · Ocramius · Feb 17, 2018 · Feb 5, 2018 · Feb 6, 2018 · Feb 7, 2018
diff --git a/lib/Doctrine/DBAL/Platforms/AbstractPlatform.php b/lib/Doctrine/DBAL/Platforms/AbstractPlatform.php
@@ -42,6 +42,11 @@
 use Doctrine\DBAL\TransactionIsolationLevel;
 use Doctrine\DBAL\Types;
 use Doctrine\DBAL\Types\Type;
+use function addcslashes;
+use function preg_quote;
+use function preg_replace;
+use function sprintf;
+use function strlen;
 
 /**
  * Base class for all DatabasePlatforms. The DatabasePlatforms are the central
@@ -3578,4 +3583,26 @@ public function getStringLiteralQuoteCharacter()
     {
         return "'";
     }
+
+    /**
+     * Escapes metacharacters in a string intended to be used with a LIKE
+     * operator.
+     *
+     * @param string $inputString a literal, unquoted string
+     * @param string $escapeChar  should be reused by the caller in the LIKE
+     *                            expression.
+     */
+    final public function escapeStringForLike(string $inputString, string $escapeChar) : string
+    {
+        return preg_replace(
+            '~([' . preg_quote($this->getLikeWildcardCharacters() . $escapeChar, '~') . '])~u',
+            addcslashes($escapeChar, '\\') . '$1',
+            $inputString
+        );
+    }
+
+    protected function getLikeWildcardCharacters() : string
+    {
+        return '%_';
+    }
 }
diff --git a/lib/Doctrine/DBAL/Platforms/SQLServer2008Platform.php b/lib/Doctrine/DBAL/Platforms/SQLServer2008Platform.php
@@ -116,4 +116,9 @@ protected function getReservedKeywordsClass()
     {
         return Keywords\SQLServer2008Keywords::class;
     }
+
+    protected function getLikeWildcardCharacters() : string
+    {
+        return parent::getLikeWildcardCharacters() . '[]^';
+    }
 }
diff --git a/lib/Doctrine/DBAL/Query/Expression/ExpressionBuilder.php b/lib/Doctrine/DBAL/Query/Expression/ExpressionBuilder.php
@@ -20,6 +20,9 @@
 namespace Doctrine\DBAL\Query\Expression;
 
 use Doctrine\DBAL\Connection;
+use function func_get_arg;
+use function func_num_args;
+use function sprintf;
 
 /**
  * ExpressionBuilder class is responsible to dynamically create SQL query parts.
@@ -254,9 +257,10 @@ public function isNotNull($x)
      *
      * @return string
      */
-    public function like($x, $y)
+    public function like($x, $y/*, ?string $escapeChar = null */)
     {
-        return $this->comparison($x, 'LIKE', $y);
+        return $this->comparison($x, 'LIKE', $y) .
+            (func_num_args() >= 3 ? sprintf(' ESCAPE %s', func_get_arg(2)) : '');
     }
 
     /**
@@ -267,9 +271,10 @@ public function like($x, $y)
      *
      * @return string
      */
-    public function notLike($x, $y)
+    public function notLike($x, $y/*, ?string $escapeChar = null */)
     {
-        return $this->comparison($x, 'NOT LIKE', $y);
+        return $this->comparison($x, 'NOT LIKE', $y) .
+            (func_num_args() >= 3 ? sprintf(' ESCAPE %s', func_get_arg(2)) : '');
     }
 
     /**

diff --git a/tests/Doctrine/Tests/DBAL/Functional/LikeWildcardsEscapingTest.php b/tests/Doctrine/Tests/DBAL/Functional/LikeWildcardsEscapingTest.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Doctrine\Tests\DBAL\Functional;
+
+use Doctrine\Tests\DbalFunctionalTestCase;
+use function sprintf;
+use function str_replace;
+
+final class LikeWildcardsEscapingTest extends DbalFunctionalTestCase
+{
+    public function testFetchLikeExpressionResult() : void
+    {
+        $string           = '_25% off_ your next purchase \o/ [$̲̅(̲̅5̲̅)̲̅$̲̅] (^̮^)';
+        $escapeChar       = '!';
+        $databasePlatform = $this->_conn->getDatabasePlatform();
+        $stmt             = $this->_conn->prepare(str_replace(
+            '1',
+            sprintf(
+                "(CASE WHEN '%s' LIKE '%s' ESCAPE '%s' THEN 1 ELSE 0 END)",
+                $string,
+                $databasePlatform->escapeStringForLike($string, $escapeChar),
+                $escapeChar
+            ),
+            $databasePlatform->getDummySelectSQL()
+        ));
+        $stmt->execute();
+        $this->assertTrue((bool) $stmt->fetchColumn());
+    }
+}
diff --git a/tests/Doctrine/Tests/DBAL/Platforms/AbstractPlatformTestCase.php b/tests/Doctrine/Tests/DBAL/Platforms/AbstractPlatformTestCase.php
@@ -1468,4 +1468,12 @@ public function getGeneratesFloatDeclarationSQL()
             array(array('precision' => 8, 'scale' => 2), 'DOUBLE PRECISION'),
         );
     }
+
+    public function testItEscapesStringsForLike() : void
+    {
+        self::assertSame(
+            '\_25\% off\_ your next purchase \\\\o/',
+            $this->_platform->escapeStringForLike('_25% off_ your next purchase \o/', '\\')
+        );
+    }
 }
diff --git a/tests/Doctrine/Tests/DBAL/Query/Expression/ExpressionBuilderTest.php b/tests/Doctrine/Tests/DBAL/Query/Expression/ExpressionBuilderTest.php
@@ -219,4 +219,33 @@ public function testNotInWithPlaceholder()
     {
         self::assertEquals('u.groups NOT IN (:values)', $this->expr->notIn('u.groups', ':values'));
     }
+
+    public function testLikeWithoutEscape()
+    {
+        self::assertEquals("a.song LIKE 'a virgin'", $this->expr->like('a.song', "'a virgin'"));
+    }
+
+    public function testLikeWithEscape()
+    {
+        self::assertEquals(
+            "a.song LIKE 'a virgin' ESCAPE '💩'",
+            $this->expr->like('a.song', "'a virgin'", "'💩'")
+        );
+    }
+
+    public function testNotLikeWithoutEscape()
+    {
+        self::assertEquals(
+            "s.last_words NOT LIKE 'this'",
+            $this->expr->notLike('s.last_words', "'this'")
+        );
+    }
+
+    public function testNotLikeWithEscape()
+    {
+        self::assertEquals(
+            "p.description NOT LIKE '20💩%' ESCAPE '💩'",
+            $this->expr->notLike('p.description', "'20💩%'", "'💩'")
+        );
+    }
 }