From: | dmp <danap(at)ttc-cmc(dot)net> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: how to Escape single quotes with PreparedStatment |
Date: | 2011-08-20 15:10:01 |
Message-ID: | 4E4FCE49.2000605@ttc-cmc.net |
Lists: | pgsql-jdbc |
JavaNoobie wrote:
> Hi All,
> I'm trying to write a preparedstatement query as below.
>
> String query = "SELECT count(*) over () as ROWCOUNT, "
>     + "CONSUMER_ID,WENEXA_ID,CONSUMER_NAME,CONTACT_NO,residing_village from "
>     + "db_consumer WHERE (lower(CONSUMER_NAME) LIKE (lower('%"+name+"%')) OR "
>     + "(lower('" + name + "')='')) AND (lower(RESIDING_VILLAGE) LIKE "
>     + "(lower('%"+village+"%')) OR (lower('" + village + "')='')) AND "
>     + "(lower(WENEXA_ID) LIKE (lower('%"+wenexaid+"%')) OR (lower('" + wenexaid
>     + "')='')) LIMIT '"+pageLimit+"' OFFSET '"+pageOffset+"'";
>
> stmt = con.prepareStatement(query);
> rs= stmt.executeQuery();
>
> However, the query fails with PostgreSQL when a double quote is passed into
> it. I was under the impression that PreparedStatement would take care of the
> same. But can anyone explain why I'm getting the error?
> Thank you.
Perhaps, to get a better idea of what exactly the query string is that is
being executed, you could:
System.out.println(query);
stmt = con.prepareStatement(query);
rs= stmt.executeQuery();
danap.
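For comparison, here is the same query with every user-supplied value passed as a bound parameter instead of being concatenated into the SQL text. This is an added example, not code from the thread; it assumes a db_consumer table with the columns named in the question and a java.sql.Connection obtained elsewhere.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class ConsumerSearch {
    // Same query as the one in the thread, but every user-supplied value is a
    // '?' placeholder. The driver sends the values separately from the SQL
    // text, so a single or double quote inside name/village/wenexaid can never
    // terminate a literal, and nothing has to be escaped by hand.
    private static final String QUERY =
          "SELECT count(*) OVER () AS rowcount, consumer_id, wenexa_id, "
        + "consumer_name, contact_no, residing_village FROM db_consumer "
        + "WHERE (lower(consumer_name) LIKE lower(?) OR ? = '') "
        + "AND (lower(residing_village) LIKE lower(?) OR ? = '') "
        + "AND (lower(wenexa_id) LIKE lower(?) OR ? = '') "
        + "LIMIT ? OFFSET ?";

    /** Runs the search and returns the window-function row count (0 if no rows). */
    static int search(Connection con, String name, String village, String wenexaid,
                      int pageLimit, int pageOffset) throws SQLException {
        try (PreparedStatement stmt = con.prepareStatement(QUERY)) {
            // The LIKE wildcards are added in Java, not inside the SQL text.
            // A '%' or '_' typed by the user still acts as a wildcard; that is a
            // matching quirk (same as in the original), not an injection.
            stmt.setString(1, "%" + name + "%");
            stmt.setString(2, name);
            stmt.setString(3, "%" + village + "%");
            stmt.setString(4, village);
            stmt.setString(5, "%" + wenexaid + "%");
            stmt.setString(6, wenexaid);
            // LIMIT and OFFSET are integers: bind them as such instead of
            // quoting them as strings the way '"+pageLimit+"' did.
            stmt.setInt(7, pageLimit);
            stmt.setInt(8, pageOffset);
            try (ResultSet rs = stmt.executeQuery()) {
                int rowCount = 0;
                while (rs.next()) {
                    rowCount = rs.getInt("rowcount");
                    System.out.println(rs.getString("consumer_name") + " / "
                        + rs.getString("residing_village"));
                }
                return rowCount;
            }
        }
    }
}
```

Printing QUERY, as suggested above, now shows only placeholders, which is exactly why the values cannot alter the statement's structure.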