I have the following syntax in my code, but it is not working when

Question

0

Asked: May 23, 20262026-05-23T13:25:33+00:00 2026-05-23T13:25:33+00:00

I have the following syntax in my code, but it is not working when

0

I have the following syntax in my code, but it is not working when I am trying to use the LIKE operator in JDBC. It works fine in this way, when it is just equal:

ResultSet resultSet = statement.executeQuery("SELECT * 
                                                FROM drawings 
                                               WHERE name = '"+ DT +"'");

But if I want to use the LIKE operator to search as a wildcard, I keep getting the error saying that “%” is not a valid character. How I can correctly use the LIKE operator?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T13:25:34+00:00

From the comments:

query=("SELECT * FROM drawings WHERE name LIKE '"%DT%"'");

This does not compile. Assuming that DT is a variable, then it should rather look like

query = "SELECT * FROM drawings WHERE name LIKE '%" + DT + "%'";

(pay attention to the syntax highlighting, the % has to be part of the SQL string!)

However, concatenating user-controlled string variables like that in a SQL query puts doors wide open for successful SQL injection attacks. Learn how to use PreparedStatement and use it instead.

String sql = "SELECT * FROM drawings WHERE name LIKE ?";
// ...
preparedStatement = connection.prepareStatement(sql);
preparedStatement.setString(1, "%" + DT + "%");
resultSet = preparedStatement.executeQuery();
// ...

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have the following syntax in my code, but it is not working when

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply