I am getting "incorrect syntax near 's'" for the below query

Praveen

Phạm Văn Tuấn
- Possible duplicate of [How do I escape a single quote in SQL Server?](https://stackoverflow.com/questions/1586560/how-do-i-escape-a-single-quote-in-sql-server) – Krypt1 May 11 '18 at 10:42
- Most people here want formatted text, not images. (I can't read that tiny image text...) – jarlh May 11 '18 at 10:54
- Provide us a table example and, you want to grab all "TenHang" starting with 't' having a ' inside their name? – xCloudx8 May 11 '18 at 10:54
1 Answer
Your variable string contains a single quote, which makes your generated SQL end beforehand. You need to escape the single quote to build the SQL correctly.

```java
String sql = "select * from Hang1 where TenHang like '%" + t.replace("'", "''") + "%' ";
```

You are wide open to SQL injection; please take measures to prevent it!

EzLo
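The same query with the search term bound as a parameter instead of concatenated, as an added example that is not part of the original answer. The class `HangSearch` and the helpers `escapeLike` and `findByName` are hypothetical names; the code assumes SQL Server LIKE wildcards and a JDBC `Connection` supplied by the caller.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class HangSearch {

    // Escape LIKE metacharacters so user input is matched literally.
    // Assumption: SQL Server wildcards (%, _, [) with '\' as the ESCAPE character.
    static String escapeLike(String input) {
        StringBuilder sb = new StringBuilder(input.length() + 8);
        for (char c : input.toCharArray()) {
            if (c == '\\' || c == '%' || c == '_' || c == '[') {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    // The search term is bound as a parameter, so a quote in it is data,
    // never SQL syntax; no manual replace("'", "''") is needed.
    static List<String> findByName(Connection conn, String t) throws SQLException {
        String sql = "select TenHang from Hang1 where TenHang like ? escape '\\'";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, "%" + escapeLike(t) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("TenHang"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed inputs: a quote, LIKE wildcards, and a quote-breaking string.
        String[] samples = { "men's", "50%_off", "x' or '1'='1" };
        for (String s : samples) {
            System.out.println(s + " -> bound as: %" + escapeLike(s) + "%");
        }
    }
}
```

`main` runs without a database and only prints the value that would be bound; `findByName` needs a live connection to a database containing the `Hang1` table.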