Thread: PreparedStatements, LIKE and the % operator
View Single Post

   
  #1 (permalink)  
Old 04-16-2008, 01:34 AM
j.random.programmer
 
Posts: n/a
Default PreparedStatements, LIKE and the % operator
Hi:

I am using postgres 8.2 with the 8.2.504 jdbc3 driver.

I am getting data from a untrusted source. Hence a
prepared
statement. I also need a partial match.

String query = " select * from table_foo where bar =
LIKE %?% "
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1, "haha");
.....

This craps out when run. Try adding single quotes
before and
after the: %?%

String query = " select * from table_foo where bar =
LIKE '%?%' "
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1, "haha");
....

This craps out too.

A quick search of the archives doesn't shed light on
this issue. I
don't need a JDBC escape since I want to use a % char.

So how do I use LIKE within a prepared statement ? I'm
sure I'm
missing something obvious here....

Best regards,
--j





__________________________________________________ __________________________________
Don't pick lemons.
See all the new 2007 cars at Yahoo! Autos.
http://autos.yahoo.com/new_cars.html

---------------------------(end of broadcast)---------------------------
TIP 7: You can help support the PostgreSQL project by donating at

http://www.postgresql.org/about/donate

Reply With Quote