What is the most important tip for working with Wildcard?

Pick SOSL for cross-object text search and SOQL for precise filtering on a known object. The wildcard syntax differs between them; using the wrong one produces invalid queries or unexpected behavior.

Wildcards enable pattern-based search matching.

The asterisk matches any number of characters.

PlatformAdvanced

Wildcard

Q: What does ? match?

The question mark matches exactly one character.

Wildcard in Salesforce SOSL and SOQL queries are special characters that match patterns rather than exact text.

Hear it

§ 01

Definition

Wildcard in Salesforce SOSL and SOQL queries are special characters that match patterns rather than exact text. The two supported wildcards are asterisk (*), which matches zero or more characters, and question mark (?), which matches exactly one character. Wildcards work inside SOSL search strings and in SOQL LIKE clauses, but with subtly different syntax: SOQL uses percent (%) and underscore (_) as wildcards instead of asterisk and question mark in some contexts, depending on whether the query targets the search index or the relational store.

The behavior is essential for any search-heavy feature in Salesforce, from the global search bar to custom Apex Search Services. Understanding the difference between SOSL wildcards (asterisk, question mark) and SOQL LIKE wildcards (percent, underscore) is one of the most common Salesforce certification exam topics. The difference matters because the underlying query engines (the text index vs the relational query plan) handle each wildcard differently.

§ 02

Wildcards in SOSL and SOQL: where each one belongs and how to use them safely

SOSL vs SOQL: where each wildcard belongs

Salesforce Object Search Language (SOSL) is the search engine query language, and Salesforce Object Query Language (SOQL) is the relational query language. SOSL queries the platform text index and supports asterisk (*) and question mark (?) wildcards inside the search term. SOQL queries the relational store and supports percent (%) and underscore (_) wildcards inside the LIKE clause of WHERE conditions. The two languages serve different jobs and have different wildcard conventions. SOSL is the right choice when you need to find records across multiple objects based on text content; SOQL is the right choice when you know which object you are querying and you need precise filtering with WHERE clauses. Mature Salesforce developers use SOSL for global search features and SOQL for record-level operations.

SOSL wildcard semantics and search index behavior

In SOSL, the asterisk matches zero or more characters, so FIND {acc*} matches Account, Acme, Acceptance, and so on. The question mark matches exactly one character, so FIND {h?t} matches hat, hot, hut but not haunt. Wildcards in SOSL operate against the platform text index, which stores tokenized and stemmed versions of every searchable field. The index optimization makes wildcard searches fast even on millions of records. SOSL has restrictions: a search term cannot begin with a wildcard (FIND {*acc} is invalid) because leading wildcards force a full scan of the index. SOSL also requires at least two non-wildcard characters in the search term to avoid trivially broad queries. These rules exist for performance; the platform protects itself from runaway searches.

SOQL LIKE wildcard semantics and query plan implications

In SOQL, the LIKE operator inside a WHERE clause uses percent (%) for zero-or-more-character match and underscore (_) for single-character match. WHERE Name LIKE acm% matches Account names starting with acm. WHERE Phone LIKE _123% matches phone numbers where the second through fourth characters are 123. Unlike SOSL, SOQL LIKE works on the relational store, so the query plan matters. A WHERE clause with LIKE on an unindexed field forces a full table scan; on a large object, this can hit governor limits or time out. Indexed fields (External IDs, primary keys, fields with custom indexes) handle LIKE much better. Mature developers add custom indexes to fields they frequently filter with LIKE, or convert the search to SOSL for better performance on large data sets.

When wildcards are useful and when they get in the way

Wildcards are useful when the search term is partial or imprecise. A user looking up a company called Acme Industries Inc might type acm and expect to find the record; a SOSL search with FIND {acm*} delivers that experience. Wildcards also help with fuzzy data: phone numbers with varying formats, addresses with abbreviations. They get in the way when the search needs to be precise: an exact product code search should not stem and should not wildcard, since false positives are worse than no match. Mature search implementations let users explicitly mark their search as fuzzy versus exact, or apply different wildcards based on the context. Building this distinction into the search experience is the difference between a search box that helps and one that frustrates users.

Wildcards in Apex Search Services and Lightning Components

Custom search components built with Lightning Web Components or Apex typically wrap SOSL or SOQL behind a friendlier user interface. The component receives a user-entered search string, appends wildcards programmatically, and passes the result to the underlying query. Common patterns: append asterisk to the end of the search term for prefix matching (FIND {input*}); append asterisk to both ends for substring matching (FIND {*input*}); apply wildcards conditionally based on the input length (only wildcard if the user typed at least three characters). Developers also have to escape special characters (single quotes, backslashes) in the user input before assembling the SOSL or SOQL query to avoid injection vulnerabilities. The Salesforce String.escapeSingleQuotes() helper handles the common cases.

Performance, governor limits, and the cost of broad wildcards

Wildcards have a performance cost. Leading wildcards in SOSL (which are blocked) and underscore wildcards in SOQL LIKE force scans that bypass the index optimization. On large objects, this means a query that returns quickly on small data sets times out at scale. Mature implementations test search-heavy features against production-like data volumes in a sandbox before launching. Apex governor limits (SOSL: 2000 search results, 20 concurrent queries; SOQL: 50,000 rows returned, 100 query rows in synchronous Apex) apply to wildcard queries too. Combining wildcards with proper indexing, sensible result limits, and asynchronous execution where possible is the standard pattern for scaling search features without hitting limits. Mature search UI also paginates results and uses progressive disclosure rather than showing everything at once.

§ 03

Using wildcards safely in SOSL and SOQL

Working with wildcards in Salesforce is a developer activity rather than an admin configuration. The four-piece routine covers: pick the right query language (SOSL or SOQL), apply the right wildcard syntax for that language, escape user input to prevent injection, and test under realistic data volumes. Each step matters; skipping any of them produces either bad results or production performance problems that only surface at scale. This guide covers the standard pattern for building a custom search feature; the same principles apply to admin tasks like Report criteria with LIKE filters.

Pick SOSL or SOQL based on the query shape
Decide whether the query is text-search across multiple objects (SOSL) or precise filtering on a known object (SOQL). For global search bars and auto-complete features, SOSL is almost always the right choice; it queries the text index, returns results across multiple objects, and handles fuzzy text matching well. For lookup operations with a known object and exact field criteria, SOQL with LIKE is appropriate. Mixing the two (SOSL for the broad search, SOQL for the detail filter) is also fine and often necessary. Document the query-type decision in the code so future developers maintaining the search understand which constraints apply.
Apply the right wildcard syntax for the chosen language
For SOSL, append asterisk (*) for zero-or-more-character match, or use question mark (?) for single-character match. Place wildcards at the end of the search term (FIND {acm*}) or both ends (FIND {*acm*}) but never at the start alone (FIND {*acme} is invalid). For SOQL LIKE, use percent (%) for multi-character match and underscore (_) for single-character match. WHERE Name LIKE acm% for prefix match, WHERE Name LIKE %acm% for substring match. Test each query in Developer Console or Workbench before embedding in code to confirm the syntax is right.
Escape user input to prevent injection
Before assembling a dynamic SOSL or SOQL query from user input, escape special characters using Salesforce String.escapeSingleQuotes() or equivalent. Without escaping, a user typing a single quote, backslash, or wildcard character can break the query syntax or, worse, inject malicious filtering. Treat all user input as untrusted; never concatenate user input directly into a query string. For LWC components, the wrap-and-escape happens in the Apex method that receives the input; for Apex Triggers and Classes, do the escaping at the input boundary. Document the escaping pattern as part of the developer guidelines.
Test under realistic data volumes
In a sandbox refreshed from production (or a Partial Copy with representative data), test the search feature at realistic record counts. Confirm query performance under load: response time stays under a second for the common case, well below governor limits. Check edge cases: empty input, very short input (one or two characters), input with special characters, very long input. For SOSL wildcard searches, confirm the platform accepts the query (a search with too few non-wildcard characters is rejected). Document the performance characteristics in the technical design so future maintainers know what the search is expected to handle.

Gotchas

SOSL and SOQL use different wildcard characters. Asterisk and question mark for SOSL; percent and underscore for SOQL LIKE. Mixing them produces invalid queries or unexpected behavior.
Leading wildcards in SOSL (FIND {*acm}) are blocked because they bypass the text index. SOQL LIKE allows leading percent but pays for it with full table scans on large objects.
Dynamic SOQL or SOSL with un-escaped user input is a SOQL injection vulnerability. Always use String.escapeSingleQuotes() or parameterized queries; never concatenate user input directly.
LIKE queries on unindexed fields force full table scans. On objects with millions of records, this hits governor limits or times out. Add custom indexes to frequently-filtered fields or use SOSL instead.
Test wildcards under realistic data volumes in sandbox. A query that returns quickly on 100 test records can time out on 10 million production records; surprise performance issues at launch damage user trust.

Trust & references

Official documentation

Straight from the source - Salesforce's reference material on Wildcard.

SOSL ReferenceSalesforce Developer Docs
SOQL ReferenceSalesforce Developer Docs
Dynamic SOQL and Injection PreventionSalesforce Developer Docs

Keep learning

Hands-on resources to go deeper on Wildcard.

Apex Database and DML (Trailhead)Trailhead ·

Was this entry helpful?

Help us write better definitions. Quick reactions or detailed edit suggestions.

About the Author

Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.

Test your knowledge

Q1. What is a Wildcard?

Q2. What does * match?

Q3. What does ? match?

Discussion

Loading…

Loading discussion…

Back to Dictionary