I’ve got a MySQL table with Foos. Each Foo has a numeric non-unique code and a name. Now I need to find if any Foo with one of certain codes happens to have a name that starts with a given string. In normal SQL this would be trivial:
```sql
select * from FOO where CODE in (2,3,5) and NAME like 'bar%';
```
But how would I properly do this in Spring now? Without the need for the ‘like’ operator I’d do it like this:
```java
public List<Foo> getByName(List<Integer> codes, String namePart) {
    String sql = "select * from FOO where CODE in (:codes) and NAME=:name";
    Map<String, Object> params = new HashMap<String, Object>();
    params.put("codes", codes);   // list is expanded by Spring into (2, 3, 5)
    params.put("name", namePart);
    return getSimpleJdbcTemplate().query(sql, new FooRowMapper(), params);
}
```
However, with ‘like’ nothing seems to work: `NAME like :name%`, `NAME like ':name%'`, or `NAME like ?%` when using the placeholders instead of named parameters.
I could be brutal and enter it as
```java
String sql = "select * from FOO where CODE in (:codes) and NAME like '" + namePart + "%'";
```
but obviously it would be more than nice if Spring would sanitize the input parameters properly etc, you know…
You’d think Spring would support this somehow but I cannot figure it out.
Answer
Wait, of course I had to “try one more final thing” before calling it a day, and lo and behold, all my unit tests suddenly pass:
```java
public List<Foo> getByName(List<Integer> codes, String namePart) {
    String sql = "select * from FOO where CODE in (:codes) and NAME like :name";
    Map<String, Object> params = new HashMap<String, Object>();
    params.put("codes", codes);          // list is expanded by Spring into (2, 3, 5)
    params.put("name", namePart + "%");  // the wildcard goes into the bound value, not the SQL
    return getSimpleJdbcTemplate().query(sql, new FooRowMapper(), params);
}
```
I didn’t think of entering the “%” in the parameter, I was certain Spring would automatically escape it. I wonder if I’m doing it right?
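As an added example (not code from the question or the answer above), the same prefix search written against `NamedParameterJdbcTemplate`, which replaced the deprecated `SimpleJdbcTemplate`. Binding the value as a parameter stops SQL injection, but it does not stop a `%` or `_` typed by the user from widening the match, so the example also escapes those characters before appending the trailing `%`. It assumes spring-jdbc and the H2 driver on the classpath; the class name, the table contents and the choice of `!` as escape character are assumptions for the demo.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.jdbc.datasource.DriverManagerDataSource;

// Added example, not from the original post: LIKE with a bound named parameter,
// with the wildcard characters contained in the user's input neutralised.
public class FooLikeExample {

    // '!' is used as the LIKE escape character because it is portable: a backslash
    // would itself need escaping inside a MySQL string literal.
    static String escapeLike(String input) {
        return input.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    // Prefix search: parameter binding prevents SQL injection, escapeLike()
    // prevents '%' or '_' inside namePart from acting as wildcards.
    static List<Map<String, Object>> getByName(NamedParameterJdbcTemplate jdbc,
                                               List<Integer> codes, String namePart) {
        String sql = "select * from FOO where CODE in (:codes)"
                   + " and NAME like :name escape '!'";
        MapSqlParameterSource params = new MapSqlParameterSource()
                .addValue("codes", codes)                      // expanded to (2, 3, 5)
                .addValue("name", escapeLike(namePart) + "%"); // trailing wildcard added here
        return jdbc.queryForList(sql, params);
    }

    public static void main(String[] args) {
        // Assumed in-memory H2 database standing in for the MySQL table.
        DataSource ds = new DriverManagerDataSource("jdbc:h2:mem:foo;DB_CLOSE_DELAY=-1", "sa", "");
        NamedParameterJdbcTemplate jdbc = new NamedParameterJdbcTemplate(ds);
        jdbc.getJdbcOperations().execute("create table FOO (CODE int, NAME varchar(50))");
        jdbc.getJdbcOperations().update(
            "insert into FOO values (2,'bar'), (3,'barn'), (5,'100%bar'), (5,'1000x'), (7,'bar')");

        List<Integer> codes = Arrays.asList(2, 3, 5);
        // Plain prefix: the row with code 7 is excluded by the IN list.
        System.out.println(getByName(jdbc, codes, "bar"));
        // Input containing '%': matched literally, so '1000x' is not returned.
        System.out.println(getByName(jdbc, codes, "100%"));
    }
}
```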