In my model I have a string txtSearche with the value coming from a textbox, like:

"hello all friends"

How can I build my statement dynamically, adding WHERE Text LIKE '%Text%' for each additional word? Something like 3 times:

WHERE Text LIKE '%@Text%'";

This is my code:

string[] wordsFromTxtSearche = txtSearche.Split(' ');

SqlCommand cmd = new SqlCommand();
cmd.Connection = connection;
cmd.CommandType = System.Data.CommandType.Text;
cmd.CommandText = @"SELECT * "
                  + " FROM ForumThread "
                  + " WHERE Text LIKE '%@Text%'";
cmd.Parameters.Add(new SqlParameter("@Text", txtSearche));

I suppose I need to do it with the help of a for loop, but I don't know how. Please help me.

+1  A: 

Something like:

string command = @"SELECT * FROM ForumThread where ";
bool first = false;

foreach (string word in words)
{
   if (first)
       command += " and ";
   else
       first = true;

   command += " Text like '%" + word + "%' ";
}

cmd.CommandText = command;

If you wanted to stick to parameters, you have to create a scheme for generating a unique param, maybe something like:

string command = @"SELECT * FROM ForumThread where ";
bool first = false;

for(int i = 0, len = words.Length; i < len; i++)
{
   string word = words[i];
   if (first)
       command += " and ";
   else
       first = true;

   command += " Text like @param" + i.ToString() + " ";
   // AddWithValue replaces the obsolete Add(string, object) overload
   cmd.Parameters.AddWithValue("@param" + i.ToString(), "%" + words[i] + "%");
}

cmd.CommandText = command;

HTH.

Brian
Parameterized version is definitely better. Your first version is a magnet for SQL injection.
Juliet
+1. Stick with parameters.
p.campbell
+1  A: 

See if this works... totally untested :)

SqlCommand cmd = new SqlCommand(); 
cmd.Connection = connection; 
cmd.CommandType = System.Data.CommandType.Text; 
string sql = "SELECT * FROM ForumThread WHERE ";
// assuming you have at least 1 item always in wordsFromTxtSearche
int count = 1;
foreach (string word in wordsFromTxtSearche)
{
    if (count > 1) sql += " AND ";
    sql += "Text LIKE @Text" + count.ToString();
    cmd.Parameters.Add(new SqlParameter("@Text" + count.ToString(),
        string.Format("%{0}%", word)));
    count++;
}
cmd.CommandText = sql;
Kelsey
Is there no else here? Can you write the same, please, just with "{}": if (count > 1) sql += " AND "; sql += "Text LIKE @Text" + count.ToString(); cmd.Parameters.Add(new SqlParameter("@Text" + count.ToString(), string.Format("%{0}%", word))); count++;
Ragims
+3  A: 

SQL won't interpolate parameters in strings, and you can use LINQ to clean up some messy looping code.

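// Requires: using System.Linq; using System.Data.SqlClient;
string[] words = txtSearche.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
// One parameter name per word: @p1, @p2, ...
string[] paramNames = Enumerable.Range(1, words.Length)
    .Select(i => "@p" + i)
    .ToArray();
// The wildcards are concatenated in SQL, so each word is still bound as a parameter.
string likeClause = string.Join(" AND ",
     paramNames.Select(name => "Text like '%' + " + name + " + '%'").ToArray());
// Zero-based index so that paramNames[i] pairs with words[i].
SqlParameter[] sqlParams = Enumerable.Range(0, words.Length)
    .Select(i => new SqlParameter(paramNames[i], words[i]))
    .ToArray();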

SqlCommand cmd = new SqlCommand();
cmd.Connection = connection;
cmd.CommandType = System.Data.CommandType.Text;
cmd.CommandText = @"SELECT * FROM ForumThread WHERE " + likeClause;
cmd.Parameters.AddRange(sqlParams);

For what it's worth, don't use LIKE to implement a forum search; use full-text search instead.

Juliet
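
The parameterized approach from the answers above, as an added example that is not part of any answer on this page. It goes one step further than the answers: binding stops SQL injection, but `%`, `_` and `[` typed by the user still act as LIKE wildcards, so they are escaped here, and empty input is handled. The names `ForumSearch`, `BuildSearchCommand`, `EscapeLike` and `MaxWords` are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Text;

static class ForumSearch
{
    // Assumed cap: keeps the query far below SQL Server's 2100-parameter
    // limit and bounds the number of leading-wildcard scans per search.
    const int MaxWords = 20;

    // Escape LIKE metacharacters so a typed "%" or "_" matches literally.
    // The backslash is the escape character declared with ESCAPE '\' below.
    static string EscapeLike(string word)
    {
        return word.Replace(@"\", @"\\").Replace("%", @"\%")
                   .Replace("_", @"\_").Replace("[", @"\[");
    }

    // Builds a command with one bound parameter per search word.
    // Returns null when the input contains no words, so the caller can
    // skip the query instead of sending a statement with an empty WHERE.
    public static SqlCommand BuildSearchCommand(SqlConnection connection, string txtSearche)
    {
        string[] words = (txtSearche ?? "")
            .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .Take(MaxWords)
            .ToArray();
        if (words.Length == 0) return null;

        var cmd = new SqlCommand { Connection = connection, CommandType = CommandType.Text };
        var sql = new StringBuilder("SELECT * FROM ForumThread WHERE ");
        for (int i = 0; i < words.Length; i++)
        {
            string name = "@p" + i;   // generated name, never taken from input
            if (i > 0) sql.Append(" AND ");
            sql.Append("Text LIKE ").Append(name).Append(@" ESCAPE '\'");
            // Explicit type and size instead of AddWithValue's type inference.
            cmd.Parameters.Add(name, SqlDbType.NVarChar, 4000).Value =
                "%" + EscapeLike(words[i]) + "%";
        }
        cmd.CommandText = sql.ToString();
        return cmd;
    }
}
```

For the input "hello all friends" the command text is `SELECT * FROM ForumThread WHERE Text LIKE @p0 ESCAPE '\' AND Text LIKE @p1 ESCAPE '\' AND Text LIKE @p2 ESCAPE '\'`, with the values `%hello%`, `%all%` and `%friends%` bound separately.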