Sree Salesforce

Can anyone help me: list<sobject> str=database.query('select id,name from account where name like' +'\''+st+'\'');

Can you explain this?
string st='test';
list<sobject> str=database.query('select id,name from account where name like' +'\''+st+'\'');

Can anyone explain clearly how the system understands these characters after like:
        +'\''+st+'\''
 
Gaurav Gupta 91
\" is equal to ", hope it will work for you.
Sree Salesforce
The query is working fine. But I want to understand the characters +'\''+st+'\''
Alain Cabon
Hi,

+'\''+st+'\'' is just a concatenation for enclosing the string with single quotes in a dynamic query but it is the better way for preventing SQL injection.
 
String myTestString = 'TestName';
String escapedStr = String.escapeSingleQuotes(myTestString);
List<sObject> sobjList = Database.query('SELECT Id FROM MyCustomObject__c WHERE Name = :escapedStr');

https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_dynamic_soql.htm

Without wildcards, LIKE here is equivalent to "=".
  1. The % and _ wildcards are supported for the LIKE operator.
  2. The % wildcard matches zero or more characters.
  3. The _ wildcard matches exactly one character.
  4. The text string in the specified value must be enclosed in single quotes.
  5. The LIKE operator is supported for string fields only.
  6. The LIKE operator performs a case-insensitive match, unlike the case-sensitive matching in SQL.

And there is a little-known special construct in Apex:
Set<String> emails = new Set<String>{'first.last1%','first.last2%'};
List<User> users = [SELECT Id, Email
FROM User
WHERE Email like :emails];
http://salesforce.stackexchange.com/questions/45788/use-a-wildcard-with-the-in-operator-in-a-soql-query
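
An added example, not written by any poster in this thread: anonymous Apex that shows what `'\''` contributes to the query string from the question, and how the plain concatenation compares with `String.escapeSingleQuotes` and with a bind variable. The value `O'Brien` is constructed sample data, and the variable names other than `st` are assumptions.

```apex
// '\'' is an Apex string literal holding exactly one character: a single quote.
// The backslash only tells the Apex compiler that the quote is data, not the
// end of the literal; it is not part of the resulting string.
System.assertEquals(1, '\''.length());

// Constructed sample value containing an apostrophe (7 characters: O'Brien).
String st = 'O\'Brien';
System.assertEquals(7, st.length());

String prefix = 'SELECT Id, Name FROM Account WHERE Name LIKE ';

// 1) Pattern from the question: the value is wrapped in quotes but not escaped.
//    The apostrophe inside st ends the SOQL string literal early, so the text
//    after it is parsed as query syntax instead of data.
String rawSoql = prefix + '\'' + st + '\'';
Boolean rawFailed = false;
try {
    Database.query(rawSoql);
} catch (QueryException e) {
    rawFailed = true; // malformed query is rejected at run time
}
System.assert(rawFailed, 'unescaped quote should break the query');

// 2) Same concatenation, but the value is escaped first. escapeSingleQuotes
//    puts a backslash before each quote, so SOQL reads it as one literal.
String escaped = String.escapeSingleQuotes(st);
System.assertEquals(8, escaped.length()); // one backslash was added
List<Account> viaEscape = Database.query(prefix + '\'' + escaped + '\'');

// 3) Bind variable: the value never becomes part of the query text, so no
//    quoting or escaping is needed. Pass the raw value, not the escaped one.
List<Account> viaBind = Database.query(prefix + ':st');

// Both safe forms treat st purely as data and return the same rows.
System.assertEquals(viaEscape.size(), viaBind.size());
```

Neither safe form neutralizes the `%` and `_` wildcards, so a caller-supplied value can still widen a LIKE match unless those characters are handled separately.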