
Re: PreparedStatements, LIKE and the % operator

From: Thomas Kellerer <spam_eater(at)gmx(dot)net>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: PreparedStatements, LIKE and the % operator
Date: 2007-02-03 09:30:46
Message-ID: eq1ko7$v73$1@sea.gmane.org
Lists: pgsql-jdbc
j.random.programmer wrote on 03.02.2007 04:58:
> Hi:
> 
> I am using postgres 8.2 with the 8.2.504 jdbc3 driver.
> 
> I am getting data from an untrusted source. Hence a
> prepared 
> statement. I also need a partial match.
> 
> String query =  " select * from table_foo where bar =
> LIKE %?% "
> PreparedStatement ps = con.prepareStatement(query);
> ps.setString(1, "haha");

That should be:

String query = "select * from table_foo where bar like ?";
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1, "%haha%");

Thomas
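
Added example, not part of the original thread: binding the pattern as a parameter keeps the untrusted text out of the SQL, but any `%` or `_` inside that text still acts as a LIKE wildcard. The code below escapes them and declares the escape character with an ESCAPE clause; the class and method names and the choice of `!` are assumptions, while `table_foo` and `bar` come from the thread.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LikeContains {
    // Escape character declared in the ESCAPE clause below (an assumption);
    // '!' avoids backslash handling differences in SQL string literals.
    private static final char ESC = '!';

    /** Make untrusted text match literally inside a LIKE pattern. */
    static String escapeLike(String raw) {
        StringBuilder sb = new StringBuilder(raw.length() + 8);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            if (c == ESC || c == '%' || c == '_') sb.append(ESC);
            sb.append(c);
        }
        return sb.toString();
    }

    /** Pattern for a "contains" search: the wildcards come from us, not the caller. */
    static String containsPattern(String raw) {
        return "%" + escapeLike(raw) + "%";
    }

    /** Counts rows of table_foo whose bar column contains the untrusted text. */
    static int countMatches(Connection con, String untrusted) throws SQLException {
        String query = "select * from table_foo where bar like ? escape '!'";
        try (PreparedStatement ps = con.prepareStatement(query)) {
            ps.setString(1, containsPattern(untrusted));
            try (ResultSet rs = ps.executeQuery()) {
                int n = 0;
                while (rs.next()) n++;
                return n;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; this part needs no database connection.
        // An empty term yields "%%", which matches every non-null value.
        String[] samples = { "haha", "100%", "a_b", "50%!_off", "" };
        for (String s : samples) {
            System.out.println("[" + s + "] -> [" + containsPattern(s) + "]");
        }
    }
}
```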

