| From: | Barry Lind <blind(at)xythos(dot)com> |
|---|---|
| To: | j(dot)random(dot)programmer <javadesigner(at)yahoo(dot)com> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: PreparedStatements, LIKE and the % operator |
| Date: | 2007-02-03 17:09:06 |
| Message-ID: | D5C55DA5-283C-43A3-A990-450079009651@xythos.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
I would suggest:
LIKE '%' || ? || '%'
On Feb 2, 2007, at 10:58 PM, j.random.programmer wrote:
> Hi:
>
> I am using postgres 8.2 with the 8.2.504 jdbc3 driver.
>
> I am getting data from a untrusted source. Hence a
> prepared
> statement. I also need a partial match.
>
> String query = " select * from table_foo where bar =
> LIKE %?% "
> PreparedStatement ps = con.prepareStatement(query);
> ps.setString(1, "haha");
> ....
>
> This craps out when run. Try adding single quotes
> before and
> after the: %?%
>
> String query = " select * from table_foo where bar =
> LIKE '%?%' "
> PreparedStatement ps = con.prepareStatement(query);
> ps.setString(1, "haha");
> ...
>
> This craps out too.
>
> A quick search of the archives doesn't shed light on
> this issue. I
> don't need a JDBC escape since I want to use a % char.
>
> So how do I use LIKE within a prepared statement ? I'm
> sure I'm
> missing something obvious here....
>
> Best regards,
> --j
>
>
>
>
>
> ______________________________________________________________________
> ______________
> Don't pick lemons.
> See all the new 2007 cars at Yahoo! Autos.
> http://autos.yahoo.com/new_cars.html
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 7: You can help support the PostgreSQL project by donating at
>
> http://www.postgresql.org/about/donate
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Miroslav Šulc | 2007-02-03 19:25:26 | Re: JDBC and arrays |
| Previous Message | Thomas Kellerer | 2007-02-03 09:30:46 | Re: PreparedStatements, LIKE and the % operator |