It appears you are attempting to build a String for SQL. PreparedStatement should be used instead for this purpose:
// The SQL text is fixed; the value is bound separately and is never parsed as SQL.
PreparedStatement preparedStatement =
    connection.prepareStatement("select * from x where name = ?");
preparedStatement.setString(1, "John");
ResultSet resultSet = preparedStatement.executeQuery();
Edit:
Given that you're using EntityManager, you can use its equivalent, setParameter:
// Same idea with JPA: the native query text is fixed and the value is bound by position.
Query q =
    entityManager.createNativeQuery("select * from x where name = ?", MyClass.class);
q.setParameter(1, "John");
List<MyClass> results = q.getResultList();
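To make the difference concrete, here is an added, runnable example (not code from the original answer or asker): the string-built query from the question's pattern beside its PreparedStatement replacement, both run against the same in-memory database with a normal name and with an input that carries SQL metacharacters. It assumes the H2 JDBC driver is on the classpath; the table x, its rows, the column name and the injected input are all constructed for the demonstration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

// Added example, not from the original answer. Assumes the H2 driver (jdbc:h2:mem) is
// available; table "x", its rows and INJECTED_NAME are constructed sample data.
public class PreparedStatementDemo {

    // Constructed input: what a caller could send in place of a plain name.
    static final String INJECTED_NAME = "nobody' OR '1'='1";

    // VULNERABLE: the name is concatenated into the SQL text, so the quote characters
    // in the input become part of the query and change its WHERE clause.
    static List<String> findByNameUnsafe(Connection c, String name) throws SQLException {
        String sql = "select name from x where name = '" + name + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return collect(rs);
        }
    }

    // SAFE: the SQL text is fixed at prepare time; the name is sent as a bound value
    // and is compared literally, quotes included, so it never alters the query.
    static List<String> findByNameSafe(Connection c, String name) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement("select name from x where name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return collect(rs);
            }
        }
    }

    // Drain the first column of a result set into a list.
    static List<String> collect(ResultSet rs) throws SQLException {
        List<String> out = new ArrayList<>();
        while (rs.next()) {
            out.add(rs.getString(1));
        }
        return out;
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                st.execute("create table x (name varchar(64))");
                st.execute("insert into x values ('John'), ('Alice'), ('Bob')");
            }
            System.out.println("unsafe, normal input: " + findByNameUnsafe(c, "John"));
            System.out.println("unsafe, injected:     " + findByNameUnsafe(c, INJECTED_NAME));
            System.out.println("safe, normal input:   " + findByNameSafe(c, "John"));
            System.out.println("safe, injected:       " + findByNameSafe(c, INJECTED_NAME));
        }
    }
}
```

Running it shows the unsafe method returning the whole table for the injected input while the prepared version returns nothing, because no row has a name that literally equals the injected string. The EntityManager version in the answer binds its value the same way through setParameter; only the API differs.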