
How do I use REGEXP with parameters in a Java-MySQL select query?

I want to select records from a database by many parameters.

I tried to combine columns with concat and use regex.

I can run this code, but I want to use real parameters instead of 'NAME' and '1100'.

String sorgu = 
    "Select per.* "
    + "from per_kimlik_bilgileri per"
    + " where  "
    + "concat"
    + "(pkb_tc_no, '/' , pkb_ad , '/' , pkb_soyad , '/' , "
    + "pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'"
    + " , pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) "
    +  "REGEXP   'NAME|1100'  " ;

I tried this way, but it did not work:

String sorgu = 
    "Select per.* "
    + "from per_kimlik_bilgileri per"
    + " where  "
    + "concat"
    + "(pkb_tc_no, '/' , pkb_ad , '/' , pkb_soyad , '/' , "
    + "pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/'"
    + " , pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) "
    +   "REGEXP   '"+id+"' | '"+name+"'  " ;

Avoid concatenating parameters into your prepared statements. Rather, prefer placeholders (question marks) and substitution with preparedStatement.setString(), especially against injection.

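....
PreparedStatement stmt = null;
try {
    // CONCAT(?, '|', ?) builds the alternation pattern from the two bound values.
    // A bare "REGEXP ?|?" would be parsed by MySQL as a bitwise OR of the two parameters.
    String sorgu = 
        "Select per.* from per_kimlik_bilgileri per where  concat(pkb_tc_no, '/' , pkb_ad "
        + ",'/' , pkb_soyad , '/' , pkb_sicil_no , '/' , pkb_gorev_yeri , '/' , pkb_unvan_k , '/' "
        + ", pkb_gorev_k , '/' , pkb_istihdam_tipi ,'/', pkb_gor_drm) REGEXP CONCAT(?, '|', ?)  " ; 

    PreparedStatement preparedStatement = conn.prepareStatement(sorgu);

    // The values travel as bound parameters, never as part of the SQL text.
    preparedStatement.setString(1, name);
    preparedStatement.setString(2, val);

    ResultSet rs = preparedStatement.executeQuery();
    ......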

Change the last line to:

+   "REGEXP   '"+id+"|"+name+"'  " ;

The ' makes a syntax error.
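
An added example (not code from the original posts) that binds the whole REGEXP pattern as a single parameter, so a value containing a quote cannot change the SQL, and escapes regex metacharacters so each search term matches literally. The class and method names and the escape set are assumptions; the table and columns are the ones from the question, and the sample terms in `main` are constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class PersonelSearch {  // hypothetical class name
    // Same columns as the question's query; the SQL text is constant, only the pattern is bound.
    static final String SORGU =
        "Select per.* from per_kimlik_bilgileri per where concat("
        + "pkb_tc_no, '/', pkb_ad, '/', pkb_soyad, '/', pkb_sicil_no, '/', pkb_gorev_yeri, '/', "
        + "pkb_unvan_k, '/', pkb_gorev_k, '/', pkb_istihdam_tipi, '/', pkb_gor_drm) REGEXP ?";

    // Backslash-escape regex metacharacters so a term is matched literally (assumed escape set).
    static String literal(String term) {
        return term.replaceAll("[\\\\.\\[\\]{}()*+?^$|]", "\\\\$0");
    }

    // Join the non-blank terms with '|'; a blank alternative would match every row.
    static String buildPattern(String... terms) {
        List<String> parts = new ArrayList<>();
        for (String t : terms) {
            if (t != null && !t.trim().isEmpty()) parts.add(literal(t.trim()));
        }
        if (parts.isEmpty()) throw new IllegalArgumentException("no search terms");
        return String.join("|", parts);
    }

    // Returns the pkb_ad value of every matching row.
    static List<String> search(Connection conn, String... terms) throws SQLException {
        List<String> adlar = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(SORGU)) {
            ps.setString(1, buildPattern(terms));  // the whole pattern is one bound value
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) adlar.add(rs.getString("pkb_ad"));
            }
        }
        return adlar;
    }

    public static void main(String[] args) {
        // Constructed inputs: a quote, a regex wildcard and a blank term.
        System.out.println(buildPattern("NAME", "1100"));
        System.out.println(buildPattern("O'Brien", ".*", ""));
    }
}
```

Binding the pattern stops SQL injection but not pattern abuse: without the `literal` step, a user-supplied `.*` would still match every row.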
