Reputation: 2915
Wildcards in SQL parameter
I need to do a like search, in my SQL Server database. BUT, how do I do this, while still using parameters for my search value?
I am not talking about encapsulating in %'s. I need to be able to add a % in the middle of the search word.
WHERE title LIKE '%foo%bar%'
as an example, but with params.
Edit: To elaborate on the params: I am using MS SQL 2008, and C#, so it would be:
WHERE title LIKE '@SearchParam'
and @SearchParam would then be set to "%foo%bar%".
I hope that makes sense?
Upvotes: 2
Views: 6142
Answers (2)
Reputation: 47520
This should work fine if you are using Stored Procedures. Here is a similar thread.
How to Escape Wildcard Characters While Searching in SQL Server
Are you looking for something like below?
where title like '%foo[%]bar%'
Upvotes: 0
Reputation: 15075
This works fine
create proc dbo.lookupWild(@LIKEclause VARCHAR(20))
as
begin
select * from teams where Name like @LIKEclause
end
go
exec lookupWild 'E%G%'
And things like '1=1 -- drop table' are not SQL injected, they are just part of the wildcard search
Upvotes: 3
Related Questions
- Queries using LIKE wildcards in sql server
- Sql wildcard not end string
- SQL like with two wildcards anywhere in text
- SQL LIKE with different wild cards pattern
- sql: like with wildcard
- How do I use a wild card in the middle of an sql server like query
- SQL LIKE operator and wildcard characters
- SQL LIKE operator with parameters and wildcards
- How to pass variable to LIKE wildcard
- Wildcards in T-SQL LIKE vs. ASP.net parameters