Cannot use a LIKE query in a JDBC PreparedStatement?

生来不讨喜 2020-12-01 06:11

The query code and query:

ps = conn.prepareStatement("select instance_id, ? from eam_measurement where resource_id in (select RESOURCE_ID from eam_res_grp_r


        
7 Answers
  • 2020-12-01 06:43

    There are two problems with your statement. You have to understand how bind variables work. The query is not processed by substituting the characters ? with your parameters. Instead, the statement is compiled with placeholders and then, during execution, the actual values of the parameters are given to the DB.

    In other words, you parse the following query:

    SELECT instance_id, :p1
      FROM eam_measurement
     WHERE resource_id IN (SELECT RESOURCE_ID 
                             FROM eam_res_grp_res_map 
                            WHERE resource_group_id = :p2)
       AND DSN LIKE '?'
     ORDER BY 2
    

    I'm pretty sure the last parameter will be ignored because it is in a delimited character string. Even if it is not ignored, it does not make sense to have ' characters around because Oracle won't bind a parameter in a string (I'm surprised it hasn't raised any error, do you catch exceptions?).

    Now if you replace your DSN LIKE '?' with DSN LIKE ? and bind "%Module=jvmRuntimeModule:freeMemory%" this will make sense and should return the correct rows.

    You still have the problem with your first parameter, it won't do what you expect, i.e. the query that will be executed will be equivalent to the following query:

    SELECT instance_id, 'SUBSTR(DSN,27,16)'
      FROM ...
    

    which is not at all the same as

    SELECT instance_id, SUBSTR(DSN,27,16)
      FROM ...
    

    I would suggest parsing (=prepareStatement) the following query if you expect the SUBSTR to be dynamic:

    SELECT instance_id, SUBSTR(DSN,?,?)
      FROM eam_measurement
     WHERE resource_id IN (SELECT RESOURCE_ID 
                             FROM eam_res_grp_res_map 
                            WHERE resource_group_id = ?)
       AND DSN LIKE ?
     ORDER BY 2
    
  • 2020-12-01 06:43
    PreparedStatement ps = con.prepareStatement(
        "select columnname from tablename where LOWER(columnname) LIKE LOWER('"+var+"%')");
    

    Here var is the variable in which the value to be searched for is stored...

  • 2020-12-01 06:43

    This should work:

    "\'" + "?" + "\'"
    
  • 2020-12-01 06:53

    You can try:

    String beforeAndAfter = "%" + yourVariable + "%";
    
  • 2020-12-01 06:59

    First, the PreparedStatement placeholders (those ? things) are for column values only, not for table names, column names, SQL functions/clauses, etcetera. Better use String#format() instead. Second, you should not quote the placeholders like '?', it would only malform the final query. The PreparedStatement setters already do the quoting (and escaping) job for you.

    Here's the fixed SQL:

    private static final String SQL = "select instance_id, %s from eam_measurement"
        + " where resource_id in (select RESOURCE_ID from eam_res_grp_res_map where"
        + " resource_group_id = ?) and DSN like ? order by 2";
    

    Here is how to use it:

    String sql = String.format(SQL, "SUBSTR(DSN,27,16)"); // This replaces the %s.
    preparedStatement = connection.prepareStatement(sql);
    preparedStatement.setInt(1, defaultWasGroup);
    preparedStatement.setString(2, "%Module=jvmRuntimeModule:freeMemory%");
    

    See also:

    • Sun JDBC tutorial: Using Prepared Statements
    • Format string syntax
  • 2020-12-01 07:04

    If you want to use LIKE in a prepared statement and also want to use % characters in the LIKE:

    write the prepared statement as normal, " .... LIKE ? ....", and while assigning the parameter value to the question mark use

    ps.setString(1, "%" + "your string value" + "%");

    This will work :)

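
Pulling the answers above together, as an added example that is not code from any of the answers: the select expression is taken from a fixed allow-list before `String.format` splices it in, the group id and the LIKE pattern are bound, and (going one step beyond the thread) `%` and `_` inside the search term are escaped so they match literally. The class name, the allow-list keys and the `!` escape character are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

public class LikeQueryExample {
    // Hypothetical allow-list: a placeholder cannot bind an expression, only a value.
    static final Map<String, String> SELECT_EXPRESSIONS =
            Map.of("metricName", "SUBSTR(DSN,27,16)", "fullDsn", "DSN");
    static final String SQL = "select instance_id, %s from eam_measurement"
            + " where resource_id in (select RESOURCE_ID from eam_res_grp_res_map"
            + " where resource_group_id = ?) and DSN like ? escape '!' order by 2";

    static String buildSql(String key) {
        String expression = SELECT_EXPRESSIONS.get(key);
        if (expression == null) {
            throw new IllegalArgumentException("Unknown select expression: " + key);
        }
        return String.format(SQL, expression);
    }

    // Escape the escape character first, then the LIKE wildcards % and _.
    static String escapeLike(String term) {
        return term.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    static List<String[]> find(Connection conn, String key, int groupId, String term)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(buildSql(key))) {
            ps.setInt(1, groupId);
            ps.setString(2, "%" + escapeLike(term) + "%"); // wildcards live in the bound value
            List<String[]> rows = new ArrayList<>();
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(new String[] {rs.getString(1), rs.getString(2)});
                }
            }
            return rows;
        }
    }

    public static void main(String[] args) { // runs without a database
        System.out.println(buildSql("metricName"));
        System.out.println("%" + escapeLike("100%_free") + "%"); // constructed input
    }
}
```

Building the SQL by concatenating the search value into the string, by contrast, lets a quote character in that value change the statement itself.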