tags:

views:

54

answers:

4
Q: 

SQL Server query using LIKE has problems with spaces under VBScript

[Withdrawing question: the issue arose from not escaping values submitted in web form. The ASP script removed unescaped spaces thereby causing the problem.]

In a web page I am attempting to conduct a search against a table in MS SQL Server using VBScript. The search uses a LIKE clause (with wildcards). The search works fine if the input has no spaces in it. However, if there is a space in the input, the search returns nothing.

For example, if I search for IT Department I get nothing, but if I search for Department I get IT Department. Somehow, the space between IT and Department is causing trouble. If I run the script directly against the server using SQL Server Management Studio, the search using IT Department returns the proper results.

Also, if I don't use SQL placeholder parameters but instead put in search string directly, the search works.

It is only in the case where the search string contains a space and uses placeholders where the search fails.

Here is the code I am using:

Dim oCmd, OffDescParam, description, query
description = "IT Department"
Set oCmd = Server.CreateObject("ADODB.Command")

OffDescParam = "%" & description & "%"
Set objOffDescParam = _
  oCmd.CreateParameter("@offdesc", adChar, adParamInput, Len(OffDescParam), OffDescParam)

query = "SELECT OfficialDescription " & _
        "FROM [MyDatabase].[dbo].[Organizations] " & _
        "WHERE (OfficialDescription LIKE ?)" & _
        "ORDER BY OfficialDescription"
' If I use "WHERE (OfficialDescription LIKE '%IT Department%')" it works.

oCmd.ActiveConnection = "some/connection/string"
oCmd.ActiveConnection.CursorLocation = adUseClient
oCmd.CommandType = adCmdText
oCmd.CommandText = query

oCmd.Parameters.Append objOffDescParam
oCmd.Prepared = True
Set oRst = CopyRecordSet(oCmd.Execute)
oCmd.ActiveConnection.close
A: 

Doesn't it need to be...

"WHERE (OfficialDescription LIKE '?')" & _
DaveShaw  2010-07-12 21:29:15
No. The placeholder (parameter) gets replaced with the properly quoted string. See http://support.microsoft.com/kb/200190.
rlandster  2010-07-12 21:55:24
A: 

Your code works for me (well actually I got an error on the CopyRecordSet line but I suspect that is just something to do with my vbscript/ado version)

In Profiler I saw the following

declare @p1 int
set @p1=1
exec sp_prepexec @p1 output,N'@P1 char(15)',N'SELECT blah FROM [test].[dbo].[mytable] WHERE (mycol LIKE @P1)ORDER BY mycol','%IT Department%'
select @p1

When I ran this directly in Management Studio

declare @p1 int
exec sp_prepexec @p1 output,N'@P1 char(15)',N'SELECT blah FROM [test].[dbo].[mytable] WHERE (mycol LIKE @P1)ORDER BY mycol','%IT Department%'
select @p1

I got back results. Maybe try using profiler your end to see if all is as expected.

Martin Smith  2010-07-12 21:34:16
A: 

Two things you could try, tho it looks like you're doing it correctly:

  • ADO or SQL Server can occasionally behave in a surprising way when you use adChar. Try using adVarChar instead.
  • VB's Len function sometimes returns the number of bytes (though for a string, it shouldn't.) Try manually calculating the length of the string and passing that to CreateParameter.
Andomar  2010-07-12 21:42:06
I tried `adVarChar` with the same results. I am not sure what you meant by calculate the length of the string manually. What way is there to calculate the length of a string in VB other than with `Len`?
rlandster  2010-07-12 21:53:26
@rlandster: You could pass `15` instead of `Len(OffDescParam)`. It's a long shot, since you're clearly passing a string
Andomar  2010-07-12 22:15:05
A: 

what is the field's data type?

Gary  2010-07-13 03:02:01

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?