tags:

views:

166

answers:

4
+1  Q: 

Parameterized SQL Query error.

I have an application that builds dynamic parameterized SQL queries. The following query returns an inner exception of "syntax error at or near "="...

I am thinking it is in the way that I am assigning the parameter to the column name but, I'm not sure. Code follows.

SELECT TOP 50 77 AS Repository, DocID, LastFileDate, ImageCount,
 LockedUserID,   DocClass, Offline, FileType, OrigFileName, C_CredCardSSN, C_CredCardName,C_CredCardDocType, C_CredCardDocDate, C_CredCardStatus 

FROM D77 

WHERE C_CredCardSSN 

LIKE C_CredCardSSN = @sp1% 

ORDER BY C_CredCardSSN,C_CredCardName

EDIT: Thanks to everyone. All of these answers helped. =)

+5  A: 

Try just

WHERE C_CredCardSSN LIKE @sp1

or 

WHERE C_CredCardSSN LIKE @sp1+'%'

depending on why you had a "%" there (thanks to Joel Coehoorn's comment for pointing out the "%" I'd missed).

Or (in response to your comment) maybe:

WHERE C_CredCardSSN LIKE ''+@sp1
MarkusQ  2009-03-26 19:53:42
only 1 of 2 problems fixed here
Joel Coehoorn  2009-03-26 19:58:06
Doh! Good catch.
MarkusQ  2009-03-26 20:02:34
No prob ;) Looks fine now.
Joel Coehoorn  2009-03-26 20:04:41
The problem I get here is that it will now return an error that says I must declare a scalar variable \"@sp1"\. This was where I started at and had added the "C_CredCardSSN = @sp1" to fix. If it helps, this is all constructed in a string builder and then passed a command text to a SqlCommand object
Jon Ownbey  2009-03-26 20:18:56
the value of @sp1 is then passed as a SqlCommand Parameter
Jon Ownbey  2009-03-26 20:19:34
Show the code where you create the SqlCommand Parameter
Joel Coehoorn  2009-03-26 23:08:58
+4  A: 

The LIKE statement should look like this:

WHERE C_CredCardSSN LIKE @sp1 + '%'
Joel Coehoorn  2009-03-26 19:57:23
+2  A: 

Try this:

WHERE C_CredCardSSN like @sp1 + '%'

This will only find your C_CredCardSSN if the first few characters are correct. To find anything within that value try it like this

WHERE C_CredCardSSN like '%' + @sp1 + '%'
Eppz  2009-03-26 19:57:34
+1  A: 

Try adding the '%' to the text before adding it as a parameter to the query:

SqlParameter p = new SqlParameter("@sp1");
p.value = C_CredCardSSNText + "%";
scottm  2009-03-26 20:37:56

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP