views:

166

answers:

4

I have an application that builds dynamic parameterized SQL queries. The following query returns an inner exception of "syntax error at or near "="...

I am thinking it is in the way that I am assigning the parameter to the column name but, I'm not sure. Code follows.

SELECT TOP 50 77 AS Repository, DocID, LastFileDate, ImageCount,
 LockedUserID,   DocClass, Offline, FileType, OrigFileName, C_CredCardSSN, C_CredCardName,C_CredCardDocType, C_CredCardDocDate, C_CredCardStatus 

FROM D77 

WHERE C_CredCardSSN 

LIKE C_CredCardSSN = @sp1% 

ORDER BY C_CredCardSSN,C_CredCardName

EDIT: Thanks to everyone. All of these answers helped. =)

+5  A: 

Try just

WHERE C_CredCardSSN LIKE @sp1

or

WHERE C_CredCardSSN LIKE @sp1+'%'

depending on why you had a "%" there (thanks to Joel Coehoorn's comment for pointing out the "%" I'd missed).

Or (in response to your comment) maybe:

WHERE C_CredCardSSN LIKE ''+@sp1
MarkusQ
only 1 of 2 problems fixed here
Joel Coehoorn
Doh! Good catch.
MarkusQ
No prob ;) Looks fine now.
Joel Coehoorn
The problem I get here is that it will now return an error that says I must declare a scalar variable \"@sp1"\. This was where I started at and had added the "C_CredCardSSN = @sp1" to fix. If it helps, this is all constructed in a string builder and then passed a command text to a SqlCommand object
Jon Ownbey
the value of @sp1 is then passed as a SqlCommand Parameter
Jon Ownbey
Show the code where you create the SqlCommand Parameter
Joel Coehoorn
+4  A: 

The LIKE statement should look like this:

WHERE C_CredCardSSN LIKE @sp1 + '%'
Joel Coehoorn
+2  A: 

Try this:

WHERE C_CredCardSSN like @sp1 + '%'

This will only find your C_CredCardSSN if the first few characters are correct. To find anything within that value try it like this

WHERE C_CredCardSSN like '%' + @sp1 + '%'
Eppz
+1  A: 

Try adding the '%' to the text before adding it as a parameter to the query:

SqlParameter p = new SqlParameter("@sp1");
p.value = C_CredCardSSNText + "%";
scottm