tags:

views:

28

answers:

4
Q: 

Selecting a approximate values by using stored procedure

Using SQL Server 2005 and VB.Net

Table1

ID Name Dept

001 Raja IT
002 Ravi CSE
003 Suns IT

Stored Procedure

Create Procedure Selecttable1 As Select ID, Name, Dept from table1

I want to execute the stored procedure with condition like

cmd = new sqlcommand("Exec SelectTable1 where id like  '" & idsearch.Text & "%' ", dbcon)
cmd.ExecuteNonQuery

idsearch.Text - Textbox Input value

When I try to run the above query it was showing error.

How to execute a stored procedure with conditions?

Need Query Help

A: 

your proc needs to accept parameters.

asdfaaa  2010-02-23 13:52:36
+3  A: 

You seem to be looking for running a stored procedure with parameters.

For this both the stored procedure needs to be created with parameters, and the code calling it should pass those in.

Stored Procedure:

Create Procedure Selecttable1 
   @inID INT
As Select ID, Name, Dept from table1
WHERE ID = @inID

Code:

cmd = new SqlCommand("SelectTable1", dbcon)
cmd.Parameters.Add(new SqlParameter("@inID", idsearch.Text))

Do not use a construct like in your example ("Exec SelectTable1 where id like '" & idsearch.Text & "%' "), as this is an open SQL Injection vulnerability.

You should use parameters, as described above in order to avoid this.

Oded  2010-02-23 13:52:38
+1. The only one of us to mention the SQL Injection vulnerability. Good job.
David Stratton  2010-02-23 14:00:33
A: 

I would create a second stored procedure that takes "idsearch" as a parameter and applies the LIKE condition directly on the underlying query.

e.g.

CREATE PROCEDURE MySproc2
    @IDSearch VARCHAR(100)
AS
BEGIN
   SELECT SomeField
   FROM YourTable
   WHERE AnotherField LIKE @IDSearch + '%'
END
AdaTheDev  2010-02-23 13:54:19
A: 

Here's an example (not with your data) from the standard SQL Sever ocumentation at http://msdn.microsoft.com/en-us/library/aa258259(SQL.80).aspx

CREATE PROCEDURE au_info2
   @lastname varchar(30) = 'D%',
   @firstname varchar(18) = '%'
AS 
SELECT au_lname, au_fname, title, pub_name
FROM authors a INNER JOIN titleauthor ta
   ON a.au_id = ta.au_id INNER JOIN titles t
   ON t.title_id = ta.title_id INNER JOIN publishers p
   ON t.pub_id = p.pub_id
WHERE au_fname LIKE @firstname
   AND au_lname LIKE @lastname
GO

You'll find most of the documentation you need for SQL Server from the site I linked to.

David Stratton  2010-02-23 13:54:54

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?