search results not correct
I need to do a search where the user may enter more than 1 word, for example: hello, world.
I have some code here but it didn't perform the search correctly. What's my mistake? Please help...
String sDB="db", sUsr= "", sPwd="";
String search = (String)request.getParameter("txtSearch");
String parameter = (String)"%"+search+"%";
String sSQL = "select * from tbl where Title LIKE '"+parameter+"'";
[428 byte] By [kacheeka] at [2007-10-2 18:27:39]

> Handcrafted SQL statements are not good. They are
> prone to including delimiter characters like ,
> etc.
>
> Use
> > String sSQL = "select * from tbl where Title LIKE '?'";
>
> and setString()
How and where should I apply the setString()?
I did this in my code (below):
// ....
String sSQL = "select * from tblArticle where Title LIKE '?'";
//....
try{
Ps = Con.prepareStatement(sSQL);
Ps.setString( "%" + request.getParameter("txtSearch") + "%");
Rs = Ps.executeQuery();
}
But it gives an error:
setString(int,java.lang.String) in java.sql.PreparedStatement cannot be applied to (java.lang.String)
Ps.setString( "%" + request.getParameter("txtSearch") + "%");
What's wrong with it?
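
Added example, not part of the original posts: one way to run the multi-word title search through a PreparedStatement, with one bound parameter per word so that quotes and wildcards typed by the user stay data. The class and method names, the `!` escape character and the choice of OR between words are assumptions; `tblArticle` and `Title` come from the post.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class TitleSearch {
    // Split the raw input on commas/whitespace and turn each word into a LIKE pattern.
    // '!' is the escape character, so %, _ and ! typed by the user match literally.
    static List<String> patterns(String raw) {
        List<String> out = new ArrayList<>();
        if (raw == null) return out;
        for (String term : raw.trim().split("[,\\s]+")) {
            if (term.isEmpty()) continue;
            out.add("%" + term.replace("!", "!!").replace("%", "!%").replace("_", "!_") + "%");
        }
        return out;
    }

    // One unquoted ? per word. A quoted '?' is a string literal, not a placeholder.
    static String sql(int termCount) {
        StringBuilder sb = new StringBuilder("select * from tblArticle where ");
        for (int i = 0; i < termCount; i++) {
            if (i > 0) sb.append(" OR ");   // assumption: match any word; use AND to require all
            sb.append("Title LIKE ? ESCAPE '!'");
        }
        return sb.toString();
    }

    // Bind each pattern by position; JDBC parameter indexes start at 1.
    // The caller is responsible for closing the returned statement.
    static PreparedStatement prepare(Connection con, String raw) throws SQLException {
        List<String> p = patterns(raw);
        if (p.isEmpty()) throw new IllegalArgumentException("empty search");
        PreparedStatement ps = con.prepareStatement(sql(p.size()));
        for (int i = 0; i < p.size(); i++) ps.setString(i + 1, p.get(i));
        return ps;
    }

    public static void main(String[] args) {
        // Constructed sample input, including a quote and a wildcard typed by the user.
        List<String> p = patterns("hello, world o'brien 100%");
        System.out.println(sql(p.size()));
        System.out.println(p);
    }
}
```

In the JSP, `prepare(Con, request.getParameter("txtSearch")).executeQuery()` would take the place of the concatenated query string.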