Reputation: 145
I have the following syntax in my code, but it is not working when I am trying to use the LIKE operator in JDBC. It works fine in this way, when it is just equal:
ResultSet resultSet = statement.executeQuery("SELECT * FROM drawings WHERE name = '" + DT + "'");
But if I want to use the LIKE operator to search as a wildcard, I keep getting the error saying that "%" is not a valid character. How can I correctly use the LIKE operator?
Upvotes: 6
Views: 42567
Reputation: 1108557
From the comments:
query=("SELECT * FROM drawings WHERE name LIKE '"%DT%"'");
This does not compile. Assuming that DT is a variable, then it should rather look like
query = "SELECT * FROM drawings WHERE name LIKE '%" + DT + "%'";
(pay attention to the syntax highlighting, the % has to be part of the SQL string!)
However, concatenating user-controlled string variables like that in a SQL query puts doors wide open for successful SQL injection attacks. Learn how to use PreparedStatement and use it instead.
String sql = "SELECT * FROM drawings WHERE name LIKE ?";
// ...
preparedStatement = connection.prepareStatement(sql);
preparedStatement.setString(1, "%" + DT + "%");
resultSet = preparedStatement.executeQuery();
// ...
Upvotes: 22
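The parameterized LIKE query from the answer above, as an added example that is not part of the original post: binding keeps DT out of the SQL text, but a `%` or `_` inside DT still acts as a wildcard, so this version also escapes those characters and declares the escape character to the database. The class name, method names and the choice of `!` as escape character are assumptions; the `drawings` table and `name` column come from the question.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class DrawingSearch {

    // Neutralise LIKE metacharacters so "%" and "_" typed by the user match
    // literally. The escape character itself must be doubled first.
    // '!' is used instead of '\' because some databases also treat a
    // backslash specially inside string literals.
    static String escapeLike(String input) {
        return input
                .replace("!", "!!")
                .replace("%", "!%")
                .replace("_", "!_");
    }

    // Substring search on drawings.name. The value is bound as a parameter,
    // so it never becomes part of the SQL text; only the two outer '%'
    // added here act as wildcards.
    static List<String> findByNameContaining(Connection connection, String dt)
            throws SQLException {
        String sql = "SELECT name FROM drawings WHERE name LIKE ? ESCAPE '!'";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, "%" + escapeLike(dt) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("name"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed inputs: shows the pattern that gets bound to the "?".
        for (String dt : new String[] {"plan", "100%", "a_b", "x' OR '1'='1"}) {
            System.out.println(dt + " -> %" + escapeLike(dt) + "%");
        }
    }
}
```

Without the escaping, a search for a bare `%` matches every row even though the statement is parameterized. SQL Server additionally treats `[` as a LIKE metacharacter, which this sketch does not cover.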