SQL Query In Java + Oracle

Question

I'm really struggling to get this SQL into my head while using java.

My problem is: I want to use a variable in my sql Query, and i cant seem to get it working, it catches the correct value(i'm showing it on a label), But it doesnt show any records, yet, if i replace the variable for a '5', it shows me the correct record...

        try {
             Class.forName("oracle.jdbc.driver.OracleDriver");
            conn = MySqlConnect.ConnectDb();


           int idaca = Integer.parseInt(idhist.getText());
  String query1 = "SELECT t.nome, h.Valor_Atual, h.Valor_Antigo, a.nome
                      FROM  Tecnologias t, Historico h, Academista a 
                       WHERE h.Id_Academista = a.Id_Academista AND a.Id_Academista = "+idaca+" AND h.Id_Tecnologia = t.Id_Tecnologia
                        AND (h.Valor_Atual || h.Valor_Antigo  || t.nome)  LIKE '%" + ValToSearch + "%'";

            Statement st = conn.createStatement();
            ResultSet rs = st.executeQuery(query1);

            historico history;

            while (rs.next()) {
                history = new historico(rs.getString("Nome"), rs.getInt("Valor_Antigo"),
                        rs.getInt("Valor_Atual"), rs.getString("Nome"));
                historicoList.add(history);
            } //END WHILE
        } //END TRY
        catch (Exception e) {
            JOptionPane.showInputDialog(null, e);
        }//END CATCH 

Thats my code so far... The ValToSearch is working fine, tho...

Thank you in advance! Cheers

Answer 1

Put an space before AND h.Id_Tecnologia . That should solve your problem.

Answer 2

You are not afraid that in ValToSearch you get something like ' OR 1 IN (DELETE * FROM Tecnologias ) ? Use parametr escaping or better some query builder