Results 1 to 7 of 7
Like Tree2Likes
  • 1 Post By LenteraSoft
  • 1 Post By SurfMan

Thread: using wildcards with user input

  1. #1
    m00n is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default using wildcards with user input

    hi
    I wasn't sure where to post this :(


    I have a mysql database and I want to be able to search through a table for a key word in a column like:

    words
    my fat cat
    the yellow canary
    what blue cow

    and if i put in the full string like "what blue cow" if finds a match, but I want to be able to put in "blue" and see if it finds a match

    Java Code:
    String keyword = t3.getText();
    String sql1;
     sql1= "SELECT * FROM table WHERE words ='"+keyword+"'";
    rs = stmt.executeQuery(sql1);
                       
    while(rs.next()){
                           
     JOptionPane.showMessageDialog(null, "found match");
    }
    Im not sure how to do this using wild cards with user input (a JTextfield)

    would really appreciate the help!

  2. #2
    LenteraSoft is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default Re: using wildcards with user input

    i think you should put % beside the keyword
    ---> sql1= "SELECT * FROM table WHERE words ='"+keyword+"%'";

    Quote Originally Posted by m00n View Post
    hi
    I wasn't sure where to post this :(


    I have a mysql database and I want to be able to search through a table for a key word in a column like:

    words
    my fat cat
    the yellow canary
    what blue cow

    and if i put in the full string like "what blue cow" if finds a match, but I want to be able to put in "blue" and see if it finds a match

    Java Code:
    String keyword = t3.getText();
    String sql1;
     sql1= "SELECT * FROM table WHERE words ='"+keyword+"'";
    rs = stmt.executeQuery(sql1);
                       
    while(rs.next()){
                           
     JOptionPane.showMessageDialog(null, "found match");
    }
    Im not sure how to do this using wild cards with user input (a JTextfield)

    would really appreciate the help!

  3. #3
    m00n is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default Re: using wildcards with user input

    Tried it, but still doesn't match anything... :(

    Quote Originally Posted by LenteraSoft View Post
    i think you should put % beside the keyword
    ---> sql1= "SELECT * FROM table WHERE words ='"+keyword+"%'";

  4. #4
    m00n is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default Re: using wildcards with user input

    Quote Originally Posted by m00n View Post
    Tried it, but still doesn't match anything... :(
    just figured it out. I had to add a string setkeyword = "%"+keyword"%";
    then let sql1= "SELECT * FROM table WHERE words ='"+setkeyword+"'";

  5. #5
    LenteraSoft is offline Member
    Join Date
    May 2014
    Posts
    4
    Rep Power
    0

    Default Re: using wildcards with user input

    m00n likes this.

  6. #6
    SurfMan's Avatar
    SurfMan is offline Godlike
    Join Date
    Nov 2012
    Location
    The Netherlands
    Posts
    929
    Rep Power
    2

    Default Re: using wildcards with user input

    Try to input in the JTextField: ' and 1=1; drop table users;--

    Then read this: xkcd: Exploits of a Mom

    Then read about PreparedStatements: Using Prepared Statements (The Java™ Tutorials > JDBC(TM) Database Access > JDBC Basics)

    Then try again.
    kneitzel likes this.
    "It's not fixed until you stop calling the problem weird and you understand what was wrong." - gimbal2™ © 2013

  7. #7
    JosAH's Avatar
    JosAH is offline Moderator
    Join Date
    Sep 2008
    Location
    Voorschoten, the Netherlands
    Posts
    13,361
    Blog Entries
    7
    Rep Power
    20

    Default Re: using wildcards with user input

    Quote Originally Posted by SurfMan View Post
    Try to input in the JTextField: ' and 1=1; drop table users;--

    Then read this: xkcd: Exploits of a Mom

    Then read about PreparedStatements: Using Prepared Statements (The Java™ Tutorials > JDBC(TM) Database Access > JDBC Basics)

    Then try again.
    Sometimes I wonder how much 'professional' (mind the quotes) software still exists, vulnerable to that silly injection hack ... but most of the time I know the answer already: quite a bit, given the amateurism in the ict field and the 'products' (read: quick stupid hacks that had to be delivered cheap etc. by incompetent script kiddies) it installs all over the world.

    kind regards,

    Jos
    cenosillicaphobia: the fear for an empty beer glass

Similar Threads

  1. Asking user for input twice
    By csanch11 in forum New To Java
    Replies: 4
    Last Post: 04-19-2014, 08:54 AM
  2. user input on gui
    By JoePenguin in forum New To Java
    Replies: 5
    Last Post: 01-26-2012, 07:27 PM
  3. User input
    By the ole buc in forum New To Java
    Replies: 16
    Last Post: 12-11-2011, 07:08 PM
  4. Need help getting input(first/last name) from user
    By nightrise420 in forum New To Java
    Replies: 11
    Last Post: 09-11-2010, 03:09 AM
  5. User Input
    By brmcdani in forum New To Java
    Replies: 2
    Last Post: 02-05-2010, 01:59 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •