So in my program I have:
private static final String GET_USERS_BY_PARAMS = "select * from user t "
+ "where t.id like %?% "
+ "AND t.name LIKE %?% "
+ "AND t.location LIKE %?% "
+ "AND t.telephone LIKE %?% ";
All of the parameters given above are stored as varchar in the database.
However when I run the following:
statement = connection.prepareStatement(GET_USERS_BY_SEARCH_PARAMS);
statement.setString(1, userID);
statement.setString(2, name);
statement.setString(3, location);
statement.setString(4, telephone());
rs = statement.executeQuery();
I get a SQL exception stating that there was an invalid character. The application throws the error on the executeQuery, so setting the params isn’t an issue. I was wondering if this was down to using the % symbols, whihc I included so that you could search without having to input the exact user ID, name, or etc.
Thanks for any help in advance!
The wildcard has to be part of the value passed to the prepared statement. So you need something like this:
Btw: what datatype is
user.id?If that is a numeric value, LIKE won’t work correctly. You should probably explictely cast the ID to a character value instead:
where to_char(t.id) like ?