folks
i am trying to form a String variable with the below SQL code , Please let me know how to deal with escape characters
select col1,col2,col3 from table1
where col5 = param1
and upper(col6) = 'A'
and col7= 'TABLE2 NAME'
and col8 LIKE UPPER('param2%');
param1 and param2 are input parameters
regrds
mathew
In case of Oracle, you can build sql statement as follows:
select col1,col2,col3 from table1 where col5 = param1 and upper(col6) = 'A' and col7= 'TABLE2 NAME'
and col8 LIKE UPPER('param2\%') ESCAPE '\'
Hope this is what you are looking for..!
Let me know how it goes
You are almost always better off with a parameterized query using PreparedStatement. This is better for the database since it can cache the execution plan for the query, and better for your java code since you don't have to escape quotes in strings or format dates.
PreparedStatement stmt = con.prepareStatement(
"select col1,col2,col3 from table1 " +
"where col5 = ?" +
"and upper(col6) = ?" +
"and col7= ?" +
"and col8 LIKE UPPER(?)");
stmt.setString(1, param1);
stmt.setString(2, "A");
stmt.setString(3, "TABLE2 NAME");
stmt.setString(4, param2 + "%");
ResultSet rs = stmt.executeQuery();
Jemiah
