使用'％'作为SQL中带Java的参数中的通配符

Question

So in my program I have:

    private static final String GET_USERS_BY_PARAMS = "select * from user t "
        + "where t.id like %?% "
        + "AND t.name LIKE %?% "
        + "AND t.location LIKE %?% " 
        + "AND t.telephone LIKE %?% ";

All of the parameters given above are stored as varchar in the database.

However when I run the following:

statement = connection.prepareStatement(GET_USERS_BY_SEARCH_PARAMS);
            statement.setString(1, userID);
            statement.setString(2, name);
            statement.setString(3, location);
            statement.setString(4, telephone());

            rs = statement.executeQuery();

I get a SQL exception stating that there was an invalid character. The application throws the error on the executeQuery, so setting the params isn't an issue. I was wondering if this was down to using the % symbols, whihc I included so that you could search without having to input the exact user ID, name, or etc.

Thanks for any help in advance!

Answer 1

The wildcard has to be part of the value passed to the prepared statement. So you need something like this:

private static final String GET_USERS_BY_PARAMS = "select * from user t "
    + "where t.id like ? "
    + "AND t.name LIKE ? "
    + "AND t.location LIKE ? " 
    + "AND t.telephone LIKE ? ";

statement = connection.prepareStatement(GET_USERS_BY_SEARCH_PARAMS);
statement.setString(1, "%" + userID + "%");
statement.setString(2, "%" + name + "%");
statement.setString(3, "%" + location + "%");
statement.setString(4, "%" + telephone() + "%");

Btw: what datatype is user.id ?

If that is a numeric value, LIKE won't work correctly. You should probably explictely cast the ID to a character value instead: where to_char(t.id) like ?

Answer 2

use CONCAT function,it will works,like this: LIKE CONCAT('%', ?, '%')
or also you can use LIKE ('%' || ? || '%')

Answer 3

您可以使用连接运算符编写

LIKE ('%' || ? || '%')