Results 1 to 7 of 7
Like Tree2Likes
  • 1 Post By LenteraSoft
  • 1 Post By SurfMan

Thread: using wildcards with user input

  1. #1
    m00n is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default using wildcards with user input

    hi
    I wasn't sure where to post this :(


    I have a mysql database and I want to be able to search through a table for a key word in a column like:

    words
    my fat cat
    the yellow canary
    what blue cow

    and if i put in the full string like "what blue cow" if finds a match, but I want to be able to put in "blue" and see if it finds a match

    Java Code:
    String keyword = t3.getText();
    String sql1;
     sql1= "SELECT * FROM table WHERE words ='"+keyword+"'";
    rs = stmt.executeQuery(sql1);
                       
    while(rs.next()){
                           
     JOptionPane.showMessageDialog(null, "found match");
    }
    Im not sure how to do this using wild cards with user input (a JTextfield)

    would really appreciate the help!

  2. #2
    LenteraSoft is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default Re: using wildcards with user input

    i think you should put % beside the keyword
    ---> sql1= "SELECT * FROM table WHERE words ='"+keyword+"%'";

    Quote Originally Posted by m00n View Post
    hi
    I wasn't sure where to post this :(


    I have a mysql database and I want to be able to search through a table for a key word in a column like:

    words
    my fat cat
    the yellow canary
    what blue cow

    and if i put in the full string like "what blue cow" if finds a match, but I want to be able to put in "blue" and see if it finds a match

    Java Code:
    String keyword = t3.getText();
    String sql1;
     sql1= "SELECT * FROM table WHERE words ='"+keyword+"'";
    rs = stmt.executeQuery(sql1);
                       
    while(rs.next()){
                           
     JOptionPane.showMessageDialog(null, "found match");
    }
    Im not sure how to do this using wild cards with user input (a JTextfield)

    would really appreciate the help!

  3. #3
    m00n is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default Re: using wildcards with user input

    Tried it, but still doesn't match anything... :(

    Quote Originally Posted by LenteraSoft View Post
    i think you should put % beside the keyword
    ---> sql1= "SELECT * FROM table WHERE words ='"+keyword+"%'";

  4. #4
    m00n is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default Re: using wildcards with user input

    Quote Originally Posted by m00n View Post
    Tried it, but still doesn't match anything... :(
    just figured it out. I had to add a string setkeyword = "%"+keyword"%";
    then let sql1= "SELECT * FROM table WHERE words ='"+setkeyword+"'";

  5. #5
    LenteraSoft is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default Re: using wildcards with user input

    m00n likes this.

  6. #6
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    1,531
    Rep Power
    5

    Default Re: using wildcards with user input

    Try to input in the JTextField: ' and 1=1; drop table users;--

    Then read this: xkcd: Exploits of a Mom

    Then read about PreparedStatements: Using Prepared Statements (The Java™ Tutorials > JDBC(TM) Database Access > JDBC Basics)

    Then try again.
    kneitzel likes this.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2™ © 2013

  7. #7
    JosAH's Avatar
    JosAH is offline Moderator
    Join Date
    Sep 2008
    Location
    Voorschoten, the Netherlands
    Posts
    14,311
    Blog Entries
    7
    Rep Power
    24

    Default Re: using wildcards with user input

    Quote Originally Posted by SurfMan View Post
    Try to input in the JTextField: ' and 1=1; drop table users;--

    Then read this: xkcd: Exploits of a Mom

    Then read about PreparedStatements: Using Prepared Statements (The Java™ Tutorials > JDBC(TM) Database Access > JDBC Basics)

    Then try again.
    Sometimes I wonder how much 'professional' (mind the quotes) software still exists, vulnerable to that silly injection hack ... but most of the time I know the answer already: quite a bit, given the amateurism in the ict field and the 'products' (read: quick stupid hacks that had to be delivered cheap etc. by incompetent script kiddies) it installs all over the world.

    kind regards,

    Jos
    The only person who got everything done by Friday was Robinson Crusoe.

Similar Threads

  1. Asking user for input twice
    By csanch11 in forum New To Java
    Replies: 4
    Last Post: 04-19-2014, 08:54 AM
  2. user input on gui
    By JoePenguin in forum New To Java
    Replies: 5
    Last Post: 01-26-2012, 08:27 PM
  3. User input
    By the ole buc in forum New To Java
    Replies: 16
    Last Post: 12-11-2011, 08:08 PM
  4. Need help getting input(first/last name) from user
    By nightrise420 in forum New To Java
    Replies: 11
    Last Post: 09-11-2010, 03:09 AM
  5. User Input
    By brmcdani in forum New To Java
    Replies: 2
    Last Post: 02-05-2010, 02:59 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •