Here are a couple of things to remember when you want to use a parameterized LIKE clause in a SELECT statement.
When matching a parameter against an integer ID column, you need to break the statement apart so that the parameter stands apart from the wildcard characters:
// '%' is the LIKE wildcard; in T-SQL the bracketed form '[%]' matches a literal percent sign instead
string sql =
@"SELECT * FROM myTable WHERE iId like '%' + @iId + '%'";
However, that same syntax will not work if you are using a varchar column. Instead, you need to embed the wildcard characters directly into the parameter's value:
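// The placeholder name in the SQL text must match the SqlParameter name
string sql =
@"SELECT * FROM myTable WHERE vcDesc like @vcDesc";
// The wildcards travel inside the parameter value, not in the SQL text
cmd.Parameters.Add(new SqlParameter("@vcDesc", "%" + desc + "%"));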
The second syntax works in both cases, so it probably just makes sense to use that everywhere and not worry
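
When the wildcards are embedded in the parameter value, any %, _ or [ typed by the user is also treated as a pattern character, even though the query is safe from injection. The following is an added example, not code from the original post, showing the second syntax with the input escaped; the names EscapeLike and BuildSearch, the backslash escape character and the varchar(200) size are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

static class LikeSearch
{
    // Hypothetical helper: prefix every character that LIKE treats
    // specially (and the escape character itself) with a backslash,
    // so user input is matched literally.
    public static string EscapeLike(string input)
    {
        var sb = new StringBuilder(input.Length * 2);
        foreach (char c in input)
        {
            if (c == '%' || c == '_' || c == '[' || c == '\\')
                sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Hypothetical helper: builds the command from the post's second
    // syntax, with an ESCAPE clause matching EscapeLike above.
    public static SqlCommand BuildSearch(string desc)
    {
        // Verbatim string: the backslash reaches SQL Server as ESCAPE '\'
        const string sql =
            @"SELECT * FROM myTable WHERE vcDesc LIKE @vcDesc ESCAPE '\'";
        var cmd = new SqlCommand(sql);
        // Explicit type and size (200 is an assumed column width) instead
        // of letting the provider infer them from the value.
        cmd.Parameters.Add("@vcDesc", SqlDbType.VarChar, 200).Value =
            "%" + EscapeLike(desc) + "%";
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input containing all three pattern characters.
        // No connection is opened; the command is only inspected.
        using (var cmd = BuildSearch("50%_off [sale]"))
        {
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine(cmd.Parameters["@vcDesc"].Value);
        }
    }
}
```

Assign cmd.Connection to an open SqlConnection before executing the command.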