Re: PreparedStatements, LIKE and the % operator

Hi

Craps out how ?

bar = like %?%

is invalid

bar like '%?%'

is closer to the correct syntax

Dave
On 2-Feb-07, at 10:58 PM, j.random.programmer wrote:

> Hi:
>
> I am using postgres 8.2 with the 8.2.504 jdbc3 driver.
>
> I am getting data from a untrusted source. Hence a
> prepared
> statement. I also need a partial match.
>
> String query =  " select * from table_foo where bar =
> LIKE %?% "
> PreparedStatement ps = con.prepareStatement(query);
> ps.setString(1, "haha");
> ....
>
> This craps out when run. Try adding single quotes
> before and
> after the: %?%
>
> String query =   " select * from table_foo where bar =
> LIKE '%?%'  "
> PreparedStatement ps = con.prepareStatement(query);
> ps.setString(1, "haha");
> ...
>
> This craps out too.
>
> A quick search of the archives doesn't shed light on
> this issue. I
> don't need a JDBC escape since I want to use a % char.
>
> So how do I use LIKE within a prepared statement ? I'm
> sure I'm
> missing something obvious here....
>
> Best regards,
> --j
>
>
>
>
>
> ______________________________________________________________________
> ______________
> Don't pick lemons.
> See all the new 2007 cars at Yahoo! Autos.
> http://autos.yahoo.com/new_cars.html
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 7: You can help support the PostgreSQL project by donating at
>
>                 http://www.postgresql.org/about/donate
>