Sheeyla Sheeyla - 9 months ago 41
MySQL Question

How to use MySQL like operator in JDBC?

I have the following syntax in my code, but it is not working when I am trying to use the

operator in JDBC. It works fine in this way, when it is just equal:

ResultSet resultSet = statement.executeQuery("SELECT *
FROM drawings
WHERE name = '"+ DT +"'");

But if I want to use the
operator to search as a wildcard, I keep getting the error saying that "%" is not a valid character. How I can correctly use the LIKE operator?


From the comments:

query=("SELECT * FROM drawings WHERE name LIKE '"%DT%"'");

This does not compile. Assuming that DT is a variable, then it should rather look like

query = "SELECT * FROM drawings WHERE name LIKE '%" + DT + "%'";

(pay attention to the syntax highlighting, the % has to be part of the SQL string!)

However, concatenating user-controlled string variables like that in a SQL query puts doors wide open for successful SQL injection attacks. Learn how to use PreparedStatement and use it instead.

String sql = "SELECT * FROM drawings WHERE name LIKE ?";
// ...
preparedStatement = connection.prepareStatement(sql);
preparedStatement.setString(1, "%" + DT + "%");
resultSet = preparedStatement.executeQuery();
// ...