This question already has answers here:
Using "like" wildcard in prepared statement
(6 answers)
Closed 4 years ago.
I'm using Oracle.
PreparedStatement pstmt = con.prepareStatement("SELECT * FROM BookLoanInfo WHERE title LIKE '%?%' ORDER BY bid");
ResultSet rs;
String bookstring = scan.nextLine();
try{
pstmt.clearParameters();
pstmt.setString(1, bookstring);
rs = pstmt.executeQuery();
The actual problem seems to be with either the setString or how I have typed the query.
This however gives Invalid Column Index.
You'll need to specify the wildcards as part of your setString statement.
Wildcard in Prepared Statement
Related
This question already has answers here:
How to pass parameters to query?
(2 answers)
Closed 4 years ago.
In iReport, i want to put the sql query in my parameter expression editor as following.
(!$P{securityGrading}.equals("0")) ? "SecurityGrading- " + "select description from [KRISADMIN].SecurityLevel where Level = $P{securityGrading}" : "SecurityGrading- Default to all"
But the iReport can't execute my sql query. I know it doesn't recognize my sql query since i'm using double quote but how do I get my query works in it?
The Problem which I see is in the addition of the parameter value.
Correct way would be
If Level Column is integer then -
(!$P{securityGrading}.equals("0")) ? "SecurityGrading- " + "select description from [KRISADMIN].SecurityLevel where Level =" + $P{securityGrading} : "SecurityGrading- Default to all"
If Level column is of type varchar
(!$P{securityGrading}.equals("0")) ? "SecurityGrading- " + "select description from [KRISADMIN].SecurityLevel where Level ='" + $P{securityGrading} +"'" : "SecurityGrading- Default to all"
You need to take care that the dynamic values supplied from the parameters in ireport need to find the legit SQL.
Hope that this helps.
Is it possible to use a prepared statement for the FROM clause?
I'm trying to do this:
PreparedStatement preStmType = conn.prepareStatement("SELECT * FROM ? WHERE article_id = ?");
preStmType.setString(1, rsetArticle.getString(5));
preStmType.setInt(2, rsetArticle.getInt(1));
It does not seem to work. When I remove the argument for the FROM clause and use it only in the where, it works, but I would like to generate the FROM dynamically too.
Nope, you can't
Prepared statements supports data literals only.
Speaking of this particular case, why do you want to generate fieldlist dynamically? If you don't know what field you need - just select all and then pick one from the returned row
Are you using Java?
How about trying this:
String qryStr = "SELECT * FROM "+rsetArticle.getString(5)+" "
qryStr =qryStr + "WHERE article_id = ?"
PreparedStatement preStmType = conn.prepareStatement(qryStr);
preStmType.setInt(1, rsetArticle.getInt(1));
This question already has an answer here:
Combine values from related rows into a single concatenated string value
(1 answer)
Closed 8 years ago.
I have seen that strings can be concatenated in Access with &.
However, I cannot write the following query:
SELECT age, &names ==> this line does not work, how can I concatenate the strings?
FROM table GROUP BY age;
So that I get for example: "30; JohnWilliamPeter", all of them 30 years old.
Any way to do that?
Do you mean:
SELECT age & "; " & names
FROM table
GROUP BY age & "; " & names
However, this seems like you are aiming at a solution that should be presentation, not SQL.
String sql = "select * from file_repo_index where id in (?)";
PreparedStatement ps = conn.prepareStatement(sql);
ps.setString (1, toCommaSeparatedList(repoIdList));
ResultSet result = ps.executeQuery();
public static String toCommaSeparatedList(Collection col);
I have to use the query as
select * from file_repo_index where id in ( 1,2,3,4 )
But it gives following error in executeQuery() statement
java.sql.SQLException: Conversion failed when converting the nvarchar value '213304,213305,213307' to data type int.
I can use it like
String sql = "select * from file_repo_index where id in ("+toCommaSeparatedList(repoIdList)+")";
Statement ps = conn.createStatement();
ResultSet result = ps.executeQuery(sql);
But I want to use the PrepareStatment method. How can I do it. ??
You should create your prepare statement placeholders based on your values, for instance:
String sql = "select * from file_repo_index where id in (";
//append ?, in above sql in a loop
//Then prepare statement.
This will involve a bit of extra coding, but i think this is the only way to force using PreparedStatement.
If You want to use IN keyword then inside the brackets you have to put like
('213304','213305','213307')
as seperate variables and dont combine in a single "single quotes the entire values" and also in the select statement
String sql = "select * from file_repo_index where id in ("+toCommaSeparatedList(repoIdList)+")";
Change the double quotes to single and try
('+ toCommaSeparatedList(repoIdList) +')";
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
sql query with jdbc
How dow e find the wuery frok mysql.
Your query should be like this:
String query = "INSERT INTO reservations (flight_no, departure_date) VALUES (?, ?)";
The "?" indicate that you need to provide data for it be inserted into database.
String query = "INSERT INTO reservations (flight_no, departure_date) VALUES (?, ?)";
PreparedStatement ps = connection.prepareStatement(query);
ps.setString(1, flight_no);
ps.setDate(2, departure_date );
result = ps.executeQuery();
In the query you must replace parameters with question marks. Use ? instead of "CSC585" and "2010-05-31". Those question marks will be replaced by values set by .setString() and similar methods.
use setDate instead of setString :
ps.setDate(2, departure_date );
also if you use prepared use question mark in your query like
String query = "INSERT INTO reservations (flight_no, departure_date) VALUES ("?", "?")";