I've got a MySQL table with Foos. Each Foo has a numeric non-unique code and a name. Now I need to find if any Foo with one of certain codes happens to have a name that starts with a given string. In normal SQL this would be trivial:
select * from FOO where CODE in (2,3,5) and NAME like 'bar%';
But how would I properly do this in Spring now? Without the need for the 'like' operator I'd do it like this:
    public List<Foo> getByName(List<Integer> codes, String namePart) {
        String sql = "select * from FOO where CODE in (:codes) and NAME=:name";
        // Named parameters: the list is expanded into the IN clause
        Map<String,Object> params = new HashMap<String,Object>();
        params.put("codes", codes);
        params.put("name", namePart);
        return getSimpleJdbcTemplate().query(sql, new FooRowMapper(), params);
    }
However, with 'like' nothing seems to work: NAME like :name%, NAME like ':name%', or NAME like ?% when using the placeholders instead of named parameters.
I could be brutal and enter it as
    String sql = "select * from FOO where CODE in (:codes) and NAME like '"+namePart+"%'";
but obviously it would be more than nice if Spring would sanitize the input parameters properly etc, you know...
You'd think Spring would support this somehow but I cannot figure it out.
Wait, of course I had to "try one more final thing" before calling it a day, and lo and behold, all my unit tests suddenly pass:
    public List<Foo> getByName(List<Integer> codes, String namePart) {
        String sql = "select * from FOO where CODE in (:codes) and NAME like :name";
        Map<String,Object> params = new HashMap<String,Object>();
        params.put("codes", codes);
        // The wildcard is part of the bound value, not of the SQL text
        params.put("name", namePart+"%");
        return getSimpleJdbcTemplate().query(sql, new FooRowMapper(), params);
    }
I didn't think of entering the "%" in the parameter, I was certain Spring would automatically escape it. I wonder if I'm doing it right?
In another form, I encountered the same problem, and I tried to solve it in this manner:
    public List<MyEntity> getMyEntityValuesBySearchText(String searchText) {
        String query = "SELECT * FROM MY_ENTITY_TABLE WHERE NAME LIKE ?";
        return this.getJdbcTemplate().query(query,
                new String[] { "%" + searchText + "%" },
                (rs, rowNum) -> new MyEntity(rs.getLong("PK"), rs.getString("NAME")));
    }
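Binding the pattern as a parameter keeps the value out of the SQL text, but any % or _ inside namePart still acts as a LIKE wildcard. The following is an added example, not code from either post: it escapes those characters and declares the escape character in the query, assuming Spring's NamedParameterJdbcTemplate, a hypothetical FooLikeDao class, and '!' as an arbitrarily chosen escape character.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;

public class FooLikeDao { // hypothetical class name
    // '!' is declared as the LIKE escape character in the SQL itself, so the
    // behaviour does not depend on how the server treats backslashes.
    private static final char ESC = '!';
    private static final String SQL =
        "select * from FOO where CODE in (:codes) and NAME like :name escape '!'";

    private final NamedParameterJdbcTemplate jdbc;

    public FooLikeDao(NamedParameterJdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    // Prefix ESC, '%' and '_' with ESC so they match only themselves.
    static String escapeLike(String input) {
        StringBuilder out = new StringBuilder(input.length() + 8);
        for (char c : input.toCharArray()) {
            if (c == ESC || c == '%' || c == '_') {
                out.append(ESC);
            }
            out.append(c);
        }
        return out.toString();
    }

    public <T> List<T> getByNamePrefix(List<Integer> codes, String namePart, RowMapper<T> mapper) {
        if (codes == null || codes.isEmpty()) {
            return Collections.emptyList(); // "in ()" is not valid SQL
        }
        Map<String, Object> params = new HashMap<>();
        params.put("codes", codes);
        // The only wildcard left in the pattern is the one appended here.
        params.put("name", escapeLike(namePart) + "%");
        return jdbc.query(SQL, params, mapper);
    }

    public static void main(String[] args) {
        // Constructed inputs: a plain prefix, then ones carrying LIKE metacharacters.
        for (String s : new String[] {"bar", "100%", "a_b", "wow!"}) {
            System.out.println(s + " -> " + escapeLike(s) + "%");
        }
    }
}
```

For the contains-style search in the second snippet, the same helper applies as "%" + escapeLike(searchText) + "%", with the same escape clause added to that query.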