>>>>I don't understand why my code isn't working as I use the identical technique in another SP and it works wonderfully
>>>
>>>But this works:
>>>
>>>DECLARE @Test TABLE (Fld1 NVARCHAR(50))
>>>INSERT INTO @Test VALUES ('WLIF20120047')
>>>DECLARE @LikePerc nvarchar(50)
>>>DECLARE @LikeWoPerc nvarchar(50)
>>>SET @LikePerc = 'WLIF20120047%'
>>>SET @LikeWoPerc = 'WLIF20120047'
>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikePerc
>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikeWoPerc
>>>
>>
>>So Boris,
>>
>>are you telling me to always add the % on at the end of the string I pass?
>
>Yes (of course when you use LIKE operator :-)).
But when I run your sample code I get results for both SELECTs, so I don't need the % to get the correct result.
Somebody has indicated that my type of code is susceptible to SQL Injection. I thought the use of Parameters made that impossible. What do you say?