Here's my current SQL statement:
SEARCH_ALBUMS_SQL = "SELECT * FROM albums WHERE title LIKE ? OR artist LIKE ?;";
It's returning exact matches to the album or artist names, but not anything else. I can't use a '%' in the statement or I get errors.
How do I add wildcards to a prepared statement?
(I'm using Java5 and MySQL)
Thanks!
You put the % in the bound variable. So you do
stmt.setString(1, "%" + likeSanitize(title) + "%");
stmt.setString(2, "%" + likeSanitize(artist) + "%");
You should add ESCAPE '!' to allow you to escape special characters that matter to LIKE in you inputs.
Before using title or artist you should sanitize them (as shown above) by escaping special characters (!, %, _, and [) with a method like this:
public static String likeSanitize(String input) {
return input
.replace("!", "!!")
.replace("%", "!%")
.replace("_", "!_")
.replace("[", "
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 男人必须洒脱 的文章《Wildcards in Java PreparedStatements》','https://www.manongdao.com/article-749826.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}