Re: PreparedStatements, LIKE and the % operator


  • From: Barry Lind <blind(at)xythos(dot)com>
  • To: j.random.programmer <javadesigner(at)yahoo(dot)com>
  • Cc: pgsql-jdbc(at)postgresql(dot)org
  • Subject: Re: PreparedStatements, LIKE and the % operator
  • Date: Sat, 3 Feb 2007 12:09:06 -0500
  • Message-id: <D5C55DA5-283C-43A3-A990-450079009651@xythos.com> <text/plain>

I would suggest:

LIKE '%' || ? || '%'


On Feb 2, 2007, at 10:58 PM, j.random.programmer wrote:

Hi:

I am using postgres 8.2 with the 8.2.504 jdbc3 driver.

I am getting data from an untrusted source. Hence a prepared
statement. I also need a partial match.

String query = " select * from table_foo where bar = LIKE %?% "
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1, "haha");
....

This craps out when run. Try adding single quotes before and
after the: %?%

String query = " select * from table_foo where bar = LIKE '%?%' "
PreparedStatement ps = con.prepareStatement(query);
ps.setString(1, "haha");
...

This craps out too.

A quick search of the archives doesn't shed light on this issue. I
don't need a JDBC escape since I want to use a % char.

So how do I use LIKE within a prepared statement? I'm sure I'm
missing something obvious here....

Best regards,
--j

	


