From: | "j(dot)random(dot)programmer" <javadesigner(at)yahoo(dot)com> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | PreparedStatements, LIKE and the % operator |
Date: | 2007-02-03 03:58:42 |
Message-ID: | 895911.8931.qm@web32005.mail.mud.yahoo.com |
Lists: | pgsql-jdbc |
Hi:

I am using postgres 8.2 with the 8.2.504 jdbc3 driver.

I am getting data from an untrusted source. Hence a prepared statement. I also need a partial match.

    String query = " select * from table_foo where bar = LIKE %?% ";
    PreparedStatement ps = con.prepareStatement(query);
    ps.setString(1, "haha");
    ....

This craps out when run. Try adding single quotes before and after the: %?%

    String query = " select * from table_foo where bar = LIKE '%?%' ";
    PreparedStatement ps = con.prepareStatement(query);
    ps.setString(1, "haha");
    ...

This craps out too.

A quick search of the archives doesn't shed light on this issue. I don't need a JDBC escape since I want to use a % char.

So how do I use LIKE within a prepared statement? I'm sure I'm missing something obvious here....

Best regards,
--j
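
One way to do the partial match asked about above, as an added example that is not part of the original post: the placeholder stands alone (`LIKE ?`) and the `%` wildcards travel inside the bound value, with any `%` or `_` in the untrusted text escaped so they match only literally. The class and method names, the `!` escape character and the sample inputs are assumptions made for this example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class LikeSearch {
    // '!' is an arbitrary escape character chosen for this example; declaring it with
    // ESCAPE avoids depending on how the server treats backslashes in string literals.
    private static final String SQL =
        "SELECT bar FROM table_foo WHERE bar LIKE ? ESCAPE '!'";

    /** Neutralises LIKE metacharacters so untrusted text matches only literally. */
    static String escapeLike(String raw) {
        StringBuilder sb = new StringBuilder(raw.length() + 8);
        for (char c : raw.toCharArray()) {
            if (c == '!' || c == '%' || c == '_') sb.append('!');
            sb.append(c);
        }
        return sb.toString();
    }

    /** Builds the bound value: our own wildcards around the escaped user text. */
    static String containsPattern(String untrusted) {
        return "%" + escapeLike(untrusted) + "%";
    }

    static List<String> findBarContaining(Connection con, String untrusted) throws SQLException {
        List<String> hits = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, containsPattern(untrusted)); // the whole pattern is one parameter
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    hits.add(rs.getString(1));
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed inputs; no database is needed to inspect the generated patterns.
        for (String s : new String[] {"haha", "100%", "a_b", "wow!"}) {
            System.out.println(s + " -> " + containsPattern(s));
        }
    }
}
```

Without the escaping step the statement is still safe from SQL injection, but a submitted `%` or `_` would act as a wildcard and widen the match beyond what the caller intended.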