How do i handle this code:
CREATE PROCEDURE sp_Test
@pchrTest1
AS
SELECT
fldTest1,
fldTest2
FROM
tblTest1
WHERE fldTest1 LIKE '%' + @pchrTest1
This codes seems it does not work.
Thanks in advance
Passing parameter in LIKE statement with '%'
Hot Topic
- String to Date Conversions
- Distribution Agent Error - (Multiple-step OLE DB operation generated errors....)
- where did scptxfr go?
- Grouping by custom datepart for shift patterns
- Change Column Order
- Opening a hyperlink in new window
- Inner Join matches non-equal fields??????
- Package Configurations not so portable?
- Stored Procedure Problem - Couldn't find forum specifically for SP's
- ForEach Loop or For Loop??
SQL Server
- Problem with remote replication
- SQLEVN70.rll Error When system is booted up
- How to install SQL Server Express Management Studio in different folder.
- Text in to Datetime Question
- Planning execution of package
- Do Reporting Service have the ability to create Slice and Dice Report on web
- Swapping partitions in SSAS 2005
- PhysicalApplicationPath in a DTS script task
- Replication between SQL CE 2.0 and SQL Server 2005 not working
- Issue with Dynamic SQL stored procedure and SSIS OLE DB Data Reader
Passing parameter in LIKE statement with '%'
henlylow
Just a warning...if any of this data is sensitive, this will open you up to "SQL injection" attacks:
http://www.nextgenss.com/papers/advanced_sql_injection.pdf
miketravers
Your code above should work when done like this:
CREATE PROCEDURE sp_Test
@pchrTest1
AS
EXEC('SELECT fldTest1, fldTest2 FROM tblTest1WHERE fldTest1 LIKE '''%' + @pchrTest1)
Regards,
-chris
khurrammughal
Try: @pchrTest1 varchar(256)
It does work like this (without dynamic SQL).