tags:

views:

1963

answers:

3
+1  Q: 

C# constructing paramater query SQL - LIKE %

I am trying to build SQL for a parameter query in C# for a query which will contain the LIKE %% command.

Here is what I am trying to acheive (please note that the database is Firebird)

var SQL = string.format("SELECT * FROM {0} WHERE {1} LIKE '%?%'", TABLE, NAME);
Cmd.Parameters.AddWithValue(NAME, "JOHN");

Now I have tried every single permutation to get the parameter to work, I have tried;

  • adding the % character to the parameter,

    Cmd.Parameters.AddWithValue(NAME, "%" + "JOHN" + "%");

  • or

    Cmd.Parameters.AddWithValue(NAME, "'%" + "JOHN" + "%'");

I cannot seem to get this to work, how can I use a parameter for the LIKE query to work.

Suggestion welcome!

A: 

In the past when doing this, i've simply integrated it into the sql, making sure that i replace single quotes with question marks to deal with sql injection. Eg:

var SQL = string.format("SELECT * FROM {0} WHERE {1} LIKE '%{2}%'",
  TABLE,
  NAME,
  JOHN.Replace("'","?"));
Chris  2009-03-19 22:36:21
+2  A: 

You can't have parameters inside of a string literal in the query. Make the entire value the parameter, and add the wildcards to the string:

var SQL = string.format("SELECT * FROM {0} WHERE {1} LIKE ?", TABLE, NAME);
Cmd.Parameters.AddWithValue(NAME, "%" + "JOHN" + "%");
Guffa  2009-03-19 22:38:43
an example would be ? looks like you just copied my code.
 2009-03-19 22:54:19
Pay closer attention: he moved the wild cards to the parameter. This will work, but imo it's the wrong way to do it.
Joel Coehoorn  2009-03-19 23:01:44
@Myhiad: Notice that there is only ? after the like operator, no wildcard characters and no apostrophes.
Guffa  2009-03-19 23:06:27
@Joel Coehoorn: There is no reason to be rude. The question doesn't contain any information about how the query looks after the parameter has been changed.
Guffa  2009-03-19 23:12:05
well this was the option that actually worked! thanks Guffa
 2009-03-19 23:59:42
+2  A:  
var SQL = string.Format("SELECT * FROM {0} WHERE {1} LIKE '%' + ? + '%'", TABLE, NAME);
Cmd.CommandText = SQL;
Cmd.Parameters.Add("?", SqlDbType.VarChar, 50).Value = "JOHN";
Joel Coehoorn  2009-03-19 22:54:39
is this SQL valid for Firebird?
 2009-03-19 23:02:27
I didn't see the firebird requirement. I updated the sql to make sure it's okay, but the parameter code is wrong because the SqlDbType enum was intended for Sql Server. I still like to avoid AddWithValue, though
Joel Coehoorn  2009-03-19 23:10:08
this is just not working for me. I am getting the following error;FirebirdSql.Data.FirebirdClient.FbException : Dynamic SQL Errorexpression evaluation not supported ----> FirebirdSql.Data.Common.IscException : Exception of type 'FirebirdSql.Data.Common.IscException' was thrown.
 2009-03-19 23:14:59

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?