
I have the following query:

select *from activo where id_oficina in(22,23) and id categoría = 'in(1,2)'

How can I remove the "=" character and the single quotes?

I'm working with kendo Ui and I did not know what can be removed manually.

  • string.replaceAll("[=']", "") Commented Jan 26, 2016 at 0:46
  • It does not work; my code line is: filter.replaceAll("[=']",""); Commented Jan 26, 2016 at 1:24
  • Are you assigning the new value back to filter? filter = filter.replaceAll("[=']",""); Commented Jan 26, 2016 at 1:27
  • No, I only add a new String: String filter1 = filter.replaceAll("[=']",""); filter = filter1; Commented Jan 26, 2016 at 1:39

2 Answers


Know nothing of Kendo, but it appears that you're trying to enter 'in(1,2)' in a field and then have that substituted into the query statement, instead of just entering a single value.

First off, you should be using JDBC bind variables somehow; any SQL statement created by string concatenation is rife with security holes. https://www.owasp.org/index.php/Top_10_2013-A1-Injection

Second, you can't bind values for an IN the same way as a single value. Now, you could always have an IN clause and sometimes you'll bind just a single value. This has been addressed before: How do I bind an ArrayList to a PreparedStatement in Oracle?


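The following is an added example, not code from the question or either answer, showing what the answer above recommends: building the query from the original page with one "?" placeholder per value in each IN list and binding the values through a PreparedStatement, so the user's text never becomes part of the SQL. The column name id_categoria is an assumption (the question writes "id categoría", which is not a valid column name as written), and the unsafeSql method only reproduces the concatenation pattern the answer warns against, for contrast.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ActivoQuery {

    // The pattern from the question: the filter text is pasted into the SQL.
    // Whatever the user typed (including quotes and "or 1=1") is executed as SQL.
    static String unsafeSql(String oficinaFilter, String categoriaFilter) {
        return "select * from activo where id_oficina " + oficinaFilter
                + " and id_categoria " + categoriaFilter;
    }

    // Safe variant: the SQL text contains only fixed placeholders; the number of
    // placeholders is derived from the number of values, not from their content.
    // id_categoria is an assumed column name (the page writes "id categoría").
    static String buildSql(int oficinaCount, int categoriaCount) {
        if (oficinaCount == 0 || categoriaCount == 0) {
            throw new IllegalArgumentException("IN lists must not be empty");
        }
        return "select * from activo where id_oficina in ("
                + placeholders(oficinaCount)
                + ") and id_categoria in ("
                + placeholders(categoriaCount) + ")";
    }

    // "?,?,?" for n values
    static String placeholders(int n) {
        return String.join(",", Collections.nCopies(n, "?"));
    }

    // Turns the user-supplied text "1,2" into integers. Anything that is not a
    // number is rejected here (NumberFormatException) instead of reaching the DB.
    static List<Integer> parseIds(String csv) {
        List<Integer> ids = new ArrayList<>();
        for (String part : csv.split(",")) {
            ids.add(Integer.parseInt(part.trim()));
        }
        return ids;
    }

    // Binds each id to its placeholder; JDBC sends values separately from the
    // statement text, so no quoting or escaping is needed on our side.
    static PreparedStatement prepare(Connection conn, List<Integer> oficinas,
                                     List<Integer> categorias) throws SQLException {
        PreparedStatement ps =
                conn.prepareStatement(buildSql(oficinas.size(), categorias.size()));
        int idx = 1;
        for (int id : oficinas) {
            ps.setInt(idx++, id);
        }
        for (int id : categorias) {
            ps.setInt(idx++, id);
        }
        return ps;
    }

    public static void main(String[] args) {
        List<Integer> oficinas = parseIds("22,23");
        List<Integer> categorias = parseIds("1,2");
        System.out.println(buildSql(oficinas.size(), categorias.size()));
        // With a real Connection you would then call:
        // try (PreparedStatement ps = prepare(conn, oficinas, categorias);
        //      ResultSet rs = ps.executeQuery()) { ... }
    }
}
```

Running main prints the statement text with placeholders, select * from activo where id_oficina in (?,?) and id_categoria in (?,?); the integers are only supplied at execution time through prepare(). Because the number of placeholders changes with the list length, the driver cannot reuse a single cached plan across all list sizes, which is the trade-off the linked ArrayList-to-PreparedStatement question discusses.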


The replaceAll suggested by @Andy Turner works:

String string = "select *from activo where id_oficina in(22,23) and id categoría = 'in(1,2)'";
string = string.replaceAll("[=']", "");
System.out.println(string);
