
JDBI using @bind for variables in queries inside quotes

I'm wondering if/how this is possible. If it is, I'm sure it's a simple fix that I can't seem to figure out.

@SqlQuery("SELECT * FROM Table WHERE column LIKE '%:thingName%'")
public Set<Things> getThings(@Bind("thingName") String thingName);

Essentially for this toy example I am trying to select a row where a column contains [any text]thingName[anyText]. When using as above, I think the quotes obscure the bound variable so it literally looks for [any text]:thingName[anyText] and not my bound variable.

Thank you in advance, Madeline

user2441922 asked May 31 '13 21:05




1 Answer

I use concat to surround input with % signs while still using a bound variable to avoid SQL injection:

@SqlQuery("select * from atable where acolumn like concat('%',:thingName,'%')")
public Set getNames(@Bind("thingName") String thingName);
jbuhacoff answered Oct 06 '22 09:10

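Binding the value as in the answer above keeps it out of the SQL text, but a `%` or `_` inside the bound value is still treated as a LIKE wildcard. The following is an added example, not code from the question or the answer: it assumes Jdbi 3 with the SqlObject plugin and an in-memory H2 database, and `ThingDao`, `escapeLike` and the sample rows are hypothetical names and constructed data.

```java
import java.util.List;
import org.jdbi.v3.core.Jdbi;
import org.jdbi.v3.sqlobject.SqlObjectPlugin;
import org.jdbi.v3.sqlobject.customizer.Bind;
import org.jdbi.v3.sqlobject.statement.SqlQuery;

public class LikeBindExample {

    // Hypothetical DAO; atable/acolumn are the names used in the answer.
    public interface ThingDao {
        // The input stays a bound parameter; '!' is declared as the LIKE escape character.
        @SqlQuery("select acolumn from atable "
                + "where acolumn like concat('%', :thingName, '%') escape '!'")
        List<String> findContaining(@Bind("thingName") String thingName);
    }

    // Neutralise LIKE metacharacters so the input is matched literally.
    // The escape character itself has to be doubled first.
    static String escapeLike(String input) {
        return input.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    public static void main(String[] args) {
        // Assumption: the H2 driver is on the classpath. Rows below are constructed.
        Jdbi jdbi = Jdbi.create("jdbc:h2:mem:likedemo;DB_CLOSE_DELAY=-1");
        jdbi.installPlugin(new SqlObjectPlugin());
        jdbi.useHandle(h -> {
            h.execute("create table atable (acolumn varchar(64))");
            h.execute("insert into atable values ('50% off'), ('500 off'), ('a_b'), ('axb')");
        });

        jdbi.useExtension(ThingDao.class, dao -> {
            String userInput = "0% o"; // constructed input containing a LIKE wildcard

            // Raw input: the bound '%' still acts as a wildcard inside the pattern.
            System.out.println("raw:     " + dao.findContaining(userInput));

            // Escaped input: '%' is matched as a literal percent sign.
            System.out.println("escaped: " + dao.findContaining(escapeLike(userInput)));
        });
    }
}
```

`concat(...)` with multiple arguments is available in MySQL and H2; on databases without it, the same bound parameter can be joined with the `||` operator instead.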