Re: PreparedStatements, LIKE and the % operator

From: Barry Lind <blind(at)xythos(dot)com>
To: j(dot)random(dot)programmer <javadesigner(at)yahoo(dot)com>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: PreparedStatements, LIKE and the % operator
Date: 2007-02-03 17:09:06
Message-ID: D5C55DA5-283C-43A3-A990-450079009651@xythos.com
Lists: pgsql-jdbc

I would suggest:

LIKE '%' || ? || '%'

On Feb 2, 2007, at 10:58 PM, j.random.programmer wrote:

> Hi:
>
> I am using postgres 8.2 with the 8.2.504 jdbc3 driver.
>
> I am getting data from an untrusted source. Hence a prepared
> statement. I also need a partial match.
>
> String query = " select * from table_foo where bar = LIKE %?% "
> PreparedStatement ps = con.prepareStatement(query);
> ps.setString(1, "haha");
> ....
>
> This craps out when run. Try adding single quotes before and
> after the: %?%
>
> String query = " select * from table_foo where bar = LIKE '%?%' "
> PreparedStatement ps = con.prepareStatement(query);
> ps.setString(1, "haha");
> ...
>
> This craps out too.
>
> A quick search of the archives doesn't shed light on this issue. I
> don't need a JDBC escape since I want to use a % char.
>
> So how do I use LIKE within a prepared statement? I'm sure I'm
> missing something obvious here....
>
> Best regards,
> --j

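The suggested `LIKE '%' || ? || '%'` form, written out as an added example that is not part of either message. It goes one step beyond the reply: the bound value cannot change the SQL, but a `%` or `_` inside it still acts as a wildcard, so the example escapes those before binding. The class and method names, the `!` escape character, and `bar` being a text column are assumptions of this example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class LikeSearch {
    // '!' is chosen as the LIKE escape character (an assumption of this example)
    // so the SQL text needs no backslash inside a string literal.
    private static final char ESC = '!';

    // Table and column names are the ones from the question; the wildcards live
    // in the SQL text and the untrusted value is only ever a bind parameter.
    static final String QUERY =
        "SELECT bar FROM table_foo WHERE bar LIKE '%' || ? || '%' ESCAPE '!'";

    /** Prefix LIKE metacharacters so untrusted input is matched literally. */
    static String escapeLike(String input) {
        StringBuilder out = new StringBuilder(input.length() + 8);
        for (char c : input.toCharArray()) {
            if (c == ESC || c == '%' || c == '_') {
                out.append(ESC);
            }
            out.append(c);
        }
        return out.toString();
    }

    /** Substring search on bar; returns the matching values. */
    static List<String> search(Connection con, String untrusted) throws SQLException {
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setString(1, escapeLike(untrusted));
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getString(1));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) {
        // Constructed inputs: unescaped, a lone "%" would match every row.
        for (String s : new String[] {"haha", "%", "50%_off", "a!b"}) {
            System.out.println(s + " -> " + escapeLike(s));
        }
    }
}
```

Running `main` needs no database; `search` needs an open `Connection` to a database that has the table from the question.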