From: | JavaNoobie <vivek(dot)mv(at)enzentech(dot)com> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | how to Escape single quotes with PreparedStatment |
Date: | 2011-08-20 11:55:45 |
Message-ID: | 1313841345919-4718287.post@n5.nabble.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
Hi All,
I'm trying to write a preparedstatement query as below.
String query= "SELECT count(*) over () as ROWCOUNT,
CONSUMER_ID,WENEXA_ID,CONSUMER_NAME,CONTACT_NO,residing_village from
db_consumer WHERE (lower(CONSUMER_NAME) LIKE (lower('%"+name+"%'))OR
(lower('" + name + "')='')) AND (lower(RESIDING_VILLAGE) LIKE
(lower('%"+village+"%')) OR (lower('" + village + "')='')) AND
(lower(WENEXA_ID) LIKE (lower('%"+wenexaid+"%'))OR(lower( '" + wenexaid +
"')='')) LIMIT '"+pageLimit+"'OFFSET '"+pageOffset+"'";
stmt = con.prepareStatement(query);
rs= stmt.executeQuery();
However , the query fails with postgresql when a double quote is passed into
it.I was under the impression that Prepared statement would take care of the
same . But can anyone explain why I'm getting the error?
Thank you.
--
View this message in context: http://postgresql.1045698.n5.nabble.com/how-to-Escape-single-quotes-with-PreparedStatment-tp4718287p4718287.html
Sent from the PostgreSQL - jdbc mailing list archive at Nabble.com.
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Hastie | 2011-08-20 14:23:53 | Re: how to Escape single quotes with PreparedStatment |
Previous Message | Jonas Sundman | 2011-08-18 09:15:26 | getTablePrivileges empty if table owned by group role |