Re: how to Escape single quotes with PreparedStatment

Поиск

Список

Период

Сортировка

От	dmp
Тема	Re: how to Escape single quotes with PreparedStatment
Дата	20 августа 2011 г. 12:14:13
Msg-id	4E4FCE49.2000605@ttc-cmc.net обсуждение исходный текст
Ответ на	how to Escape single quotes with PreparedStatment (JavaNoobie <vivek.mv@enzentech.com>)
Ответы	Re: how to Escape single quotes with PreparedStatment
Список	pgsql-jdbc

Дерево обсуждения

JavaNoobie wrote:
 > Hi All,
 > I'm trying to write a preparedstatement query as below.
 >
 >     String query=  "SELECT count(*) over () as ROWCOUNT,
 > CONSUMER_ID,WENEXA_ID,CONSUMER_NAME,CONTACT_NO,residing_village from
 > db_consumer WHERE (lower(CONSUMER_NAME) LIKE (lower('%"+name+"%'))OR
 > (lower('" + name + "')='')) AND (lower(RESIDING_VILLAGE) LIKE
 > (lower('%"+village+"%')) OR (lower('" + village + "')='')) AND
 > (lower(WENEXA_ID) LIKE (lower('%"+wenexaid+"%'))OR(lower( '" + wenexaid +
 > "')='')) LIMIT '"+pageLimit+"'OFFSET '"+pageOffset+"'";
 >
 >                 stmt = con.prepareStatement(query);
 >                 rs= stmt.executeQuery();
 >
 > However , the query fails with postgresql when a double quote is passed into
 > it.I was under the impression that Prepared statement would take care of the
 > same . But can anyone explain why I'm getting the error?
 > Thank you.

Perhaps to get a better idea of what exactly the query string
is that is being executed you could:

System.out.println(query);
stmt = con.prepareStatement(query);
rs= stmt.executeQuery();

danap.

В списке pgsql-jdbc по дате отправления:

Вход в личный кабинет

Восстановление пароля

Подтверждение аккаунта

Изменение пароля

Re: how to Escape single quotes with PreparedStatment