formsof

Problem with search query in my Sql Server stored proc

Hi folks, I have the following stored proc :- SELECT Id, Name FROM FooBars WHERE CONTAINS(Name, 'FORMSOF(Tesaurus, @query)') Works fine when there is one word in the query: e.g. foo* But it fails when I want to have more than one word which I'm trying to look for. e.g. foo* bar* (this means any rows that have words that start with foo a...

Parameters in the FormsOf function and SQL injection

Is the following SQL susceptible to SQL injection via the @SearchWord parameter? I want to use parameters with the FormsOf function, but the only guide to doing so I've found is in this Stack Overflow question: http://stackoverflow.com/questions/1362220/how-to-pass-parameter-to-formsof-function-in-sql-server However the solution seems ...