{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 傲 的问题《Cannot use a LIKE query in a JDBC PreparedStatemen》','https://www.manongdao.com/q-75723.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
The query code and query:
ps = conn.prepareStatement("select instance_id, ? from eam_measurement where resource_id in (select RESOURCE_ID from eam_res_grp_res_map where resource_group_id = ?) and DSN like '?' order by 2");
ps.setString(1,"SUBSTR(DSN,27,16)");
ps.setInt(2,defaultWasGroup);
ps.setString(3,"%Module=jvmRuntimeModule:freeMemory%");
rs = ps.executeQuery();
while (rs.next()) { bla blah blah blah ...
Returns an empty ResultSet.
Through basic debugging I have found its the third bind that is the problem i.e.
DSN like '?'
I have tried all kinds of variations, the most sensible of which seemed to be using:
DSN like concat('%',?,'%')
but that does not work as I am missing the ' on either side of the concatenated string so I try:
DSN like ' concat('%',Module=P_STAG_JDBC01:poolSize,'%') ' order by 2
but I just cannot seem to find a way to get them in that works.
What am I missing?
This should work:
There are two problems with your statement. You have to understand how bind variables work. The query is not processed by substituing the characters
?with your parameters. Instead, the statement is compiled with placeholders and then, during execution, the actual values of the parameters are given to the DB.In other words, you parse the following query:
I'm pretty sure the last parameter will be ignored because it is in a delimited character string. Even if it is not ignored, it does not make sense to have
'characters around because Oracle won't bind a parameter in a string (I'm surprised it hasn't raised any error, do you catch exceptions ?).Now if you replace your
DNS LIKE '?'withDSN LIKE ?and bind"%Module=jvmRuntimeModule:freeMemory%"this will make sense and should return the correct rows.You still have the problem with your first parameter, it won't do what you expect, i-e the query that will be executed will be equivalent to the following query:
which is not at all the same as
I would suggest parsing (=prepareStatement) the following query if you expect the SUBSTR to be dynamic:
Omit the
'around the?. Without the',?is a placeholder for a parameter. With it, it's an SQL string (i.e. the same as"?"in Java).Then you must concatenate the string on the Java side; you can't pass SQL functions as parameters to queries; only basic values (like string, integer, etc) because the JDBC driver will convert the parameter to the SQL type the database expects and it cannot execute SQL functions in this step.
First, the
PreparedStatementplaceholders (those?things) are for column values only, not for table names, column names, SQL functions/clauses, etcetera. Better useString#format()instead. Second, you should not quote the placeholders like'?', it would only malform the final query. ThePreparedStatementsetters already do the quoting (and escaping) job for you.Here's the fixed SQL:
Here is how to use it:
See also:
Here
varis the variable in which value that is to be searched is stored...If you want to use LIKE in prepared statement and also want to use % characters in LIKE;
write prepared statement as normally " .... LIKE ? ...." and while assigning parameter value to question mark use
ps.setString(1, "%" + "your string value" + "%");This will work :)