kierandes
Starting Member
6 Posts |
Posted - 2010-02-19 : 20:20:52
|
Hey all,

I'm a bit of a noob when it comes to SQL so bear with me. I am using JSP sessions to retrieve a request, then I am putting this posted request data in a string called SongTitle. My next question is how do I use the % wildcard with the variable? I've tried it like I have it below but I get errors with it. Any help would be greatly appreciated.

like % '" + SongTitle + "'% |
|
X002548
Not Just a Number
15586 Posts |
|
kierandes
Starting Member
6 Posts |
Posted - 2010-02-19 : 20:45:24
|
Thanks Brett. Just tried that there and no luck. Got more server errors. The String only seems to take the data in when I have it like '" + SongTitle + '". |
|
|
kierandes
Starting Member
6 Posts |
Posted - 2010-02-19 : 20:49:06
|
Ahh, sorted it, here's what it looks like now:

like '%"+ SongTitle +"%' |
|
|
X002548
Not Just a Number
15586 Posts |
|
Kristen
Test
22859 Posts |
Posted - 2010-02-20 : 01:59:57
|
Brett: I reckon it is dynamic SQL in the application language (JSP).

kierandes: You need to protect the data the user entered from SQL Injection (Google if you have not heard of it), otherwise people can put stuff in your "songtitle" field that will do bad stuff (grab your passwords, mess with the data, delete the whole database, ... etc.) |
|
|
kierandes
Starting Member
6 Posts |
Posted - 2010-02-20 : 05:00:42
|
Thanks Kristen, I'll take on board :) |
|
|
kierandes
Starting Member
6 Posts |
Posted - 2010-02-20 : 07:40:49
|
Grr, thought it was sorted but the wildcard doesn't seem to be working. I need to type in the exact name or part of the name to get results, i.e. Time is Running Out vs time is running out. The first gets results unlike the other. Any ideas? |
|
|
Kristen
Test
22859 Posts |
Posted - 2010-02-20 : 08:00:16
|
So your database column is case sensitive?

Use

like '%"+ SongTitle +"%' COLLATE SQL_Latin1_General_CP1_CI_AS

but you may need to choose a better collation (using the same one as the [SongTitle] column is defined with but changing the suffix to "_CI_AS" would probably be best) |
|
|
kierandes
Starting Member
6 Posts |
Posted - 2010-02-20 : 08:10:45
|
Hmm, it didn't seem to like that query either. I'm using Java DB and there's no options for collation, but ya, it seems to be case sensitive. |
|
|
Kristen
Test
22859 Posts |
Posted - 2010-02-20 : 08:18:51
|
" I'm using Java DB "This is specifically a Microsoft SQL Server forum, so you may not find people here who know the answer.Do you have a function to force a string to upper case? Is so use it on both sides of the LIKEUPPER(MyColumn) like UPPER('%"+ SongTitle +"%') |
|
|
|
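An added example, not part of the original thread: the same case-insensitive "contains" search written with a JDBC PreparedStatement, so the user's SongTitle value is bound as data instead of being concatenated into the SQL text. The table name Songs, the class and method names, and the choice of '!' as the LIKE escape character are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

public class SongSearch {
    // '!' is the LIKE escape character chosen for this example.
    private static final char ESC = '!';

    // Build an upper-cased "contains" pattern. Any %, _ or escape character
    // typed by the user is escaped so it matches literally.
    static String containsPattern(String userInput) {
        StringBuilder sb = new StringBuilder("%");
        for (char c : userInput.toUpperCase(Locale.ROOT).toCharArray()) {
            if (c == '%' || c == '_' || c == ESC) {
                sb.append(ESC);
            }
            sb.append(c);
        }
        return sb.append('%').toString();
    }

    // Table name Songs is an assumption; SongTitle is the column from the thread.
    static List<String> findTitles(Connection conn, String songTitle) throws SQLException {
        String sql = "SELECT SongTitle FROM Songs "
                   + "WHERE UPPER(SongTitle) LIKE ? ESCAPE '!'";
        List<String> titles = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, containsPattern(songTitle)); // bound as data, never parsed as SQL
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    titles.add(rs.getString(1));
                }
            }
        }
        return titles;
    }

    public static void main(String[] args) {
        // Constructed inputs: mixed case, a quote-based injection attempt, wildcards.
        String[] samples = { "time is running out", "x' OR '1'='1", "100%_live" };
        for (String s : samples) {
            System.out.println(s + " -> " + containsPattern(s));
        }
    }
}
```

The main method only prints the patterns that would be bound; findTitles needs an open java.sql.Connection to the database.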