How do I use LIKE in a dynamic T-SQL expression in a stored procedure?

I am trying to use the LIKE keyword with % wildcards around a parameter, but I'm not sure how to get the % characters into the statement without breaking it. Right now I have:

SET @SQLQuery = 'SELECT * FROM [tblApps] WHERE [firstName] LIKE %@search%'

I get a SqlException in my .NET application that says "Incorrect syntax near '@search'" when I run it. The error disappears if I delete the % characters surrounding the @search parameter.

+3
5 answers

The % characters must be part of the search string itself ...

-- Put the wildcards into the value, not into the statement text
SET @search = '%' + @search + '%'
-- @search stays a parameter of the dynamic statement; pass it to
-- sp_executesql with a matching @params declaration when you execute it
SET @SQLQuery = 'SELECT * FROM [tblApps] WHERE [firstName] LIKE @search'

Please note that the following will also work, but it introduces a potential SQL injection vulnerability ...

-- DON'T do this!
SET @SQLQuery = 'SELECT * FROM [tblApps] WHERE [firstName] LIKE ''%' + @search + '%'''
+20
-- The concatenation happens inside the dynamic statement, at execution time,
-- so @search is still a bound parameter and is never parsed as SQL.
-- @SQLQuery must be declared nvarchar: sp_executesql rejects varchar statements.
SET @SQLQuery = 'SELECT * from [tblApps] WHERE [firstName] LIKE ''%'' + @search + ''%'''
-- sp_executesql's first parameter is @stmt (there is no @query parameter)
exec sp_executesql @stmt=@SQLQuery, @params=N'@search nvarchar(96)', @search=@search


+3
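The two answers above give the parameterised form in outline only. As an added example (not code from any of the answers or from the original poster), here it is carried through into a runnable T-SQL script: the pattern is built in a variable and passed to sp_executesql as a parameter, the LIKE metacharacters in the user's input are escaped so that % and _ match literally, and the same hostile input is then run through the string-concatenation form to show why that one is unsafe. The temporary table #tblApps, its rows and the values of @search and @evil are constructed test data modelled on the question's tblApps/firstName.

```sql
-- Added example (not from the original answers). Table, rows and inputs are
-- constructed test data; dbo.tblApps / firstName come from the question.
SET NOCOUNT ON;

CREATE TABLE #tblApps (firstName nvarchar(50));
INSERT INTO #tblApps (firstName) VALUES
    (N'Alice'), (N'Bob'), (N'Al_an'), (N'50%off');   -- constructed data

DECLARE @search  nvarchar(96) = N'Al_';   -- assumed user input: contains a LIKE metacharacter
DECLARE @pattern nvarchar(200);
DECLARE @sql     nvarchar(max);           -- sp_executesql requires an nvarchar statement

-- SAFE: escape \ % _ [ in the input, wrap it in wildcards, and bind it as a parameter.
-- The backslash is replaced first so that escapes already in the input cannot
-- be confused with the ones added here.
SET @pattern = N'%' + REPLACE(REPLACE(REPLACE(REPLACE(@search,
                   N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[') + N'%';

SET @sql = N'SELECT firstName FROM #tblApps WHERE firstName LIKE @pattern ESCAPE ''\''';
EXEC sp_executesql @sql, N'@pattern nvarchar(200)', @pattern = @pattern;
-- Returns only Al_an: the underscore is matched literally, so Alice is not returned.

-- UNSAFE: the same kind of input concatenated into the statement text.
DECLARE @evil nvarchar(96) = N''' OR 1=1 --';
SET @sql = N'SELECT firstName FROM #tblApps WHERE firstName LIKE ''%' + @evil + N'%''';
PRINT @sql;   -- SELECT firstName FROM #tblApps WHERE firstName LIKE '%' OR 1=1 --%'
EXEC sp_executesql @sql;   -- DON'T do this: every row comes back

-- The parameterised form with the same hostile input matches nothing,
-- because the text is compared as data instead of being parsed as SQL.
SET @pattern = N'%' + REPLACE(REPLACE(REPLACE(REPLACE(@evil,
                   N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[') + N'%';
SET @sql = N'SELECT firstName FROM #tblApps WHERE firstName LIKE @pattern ESCAPE ''\''';
EXEC sp_executesql @sql, N'@pattern nvarchar(200)', @pattern = @pattern;

DROP TABLE #tblApps;
```

Run it as one batch in SSMS or sqlcmd against any database; the "SAFE" section is what goes inside the stored procedure, with @search as the procedure's parameter and the real table in place of #tblApps. Two details the answers leave implicit: the variable holding the statement must be nvarchar, because sp_executesql refuses a varchar statement, and an ESCAPE clause is needed whenever the search string can contain % or _, otherwise a search for Al_ also matches Alice.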
-- Note: this builds the pattern into the statement text. The original was
-- missing the quotes around the pattern (LIKE %foo% is a syntax error), and
-- concatenating user input like this is open to SQL injection.
SET @search = '%' + @search 
SET @SQLQuery = 'SELECT * FROM [tblApps] WHERE [firstName] LIKE ''' + @search + '%'''
+1

It worked for me!

-- The quotes and wildcards are folded into @search, which is then appended
-- to the statement text. Runs, but the value is not bound as a parameter, so
-- a malicious @search can alter the query (SQL injection).
SET @search = '''%' + @search + '%'''
SET @SQLQuery = 'SELECT * FROM [tblApps] WHERE [firstName] LIKE ' + @search
EXEC sp_executesql @SQLQuery
0
declare @Cmd nvarchar(2000)   -- nvarchar, as sp_executesql requires
declare @eName varchar(10)
set @eName='a'
-- Builds ... LIKE '%a%' by concatenation; the value is embedded in the
-- statement text rather than bound as a parameter, so it is injectable.
set @Cmd= 'select * from customer1 where name LIKE '''+'%' +@eName+ '%' + ''''
print @Cmd
EXECUTE sp_executesql @Cmd
0
