>>>>>I don't understand why my code isn't working as I use the identical technique in another SP and it works wonderfully
>>>>
>>>>But this works:
>>>>
>>>>DECLARE @Test TABLE (Fld1 NVARCHAR(50))
>>>>INSERT INTO @Test VALUES ('WLIF20120047')
>>>>DECLARE @LikePerc nvarchar(50)
>>>>DECLARE @LikeWoPerc nvarchar(50)
>>>>SET @LikePerc = 'WLIF20120047%'
>>>>SET @LikeWoPerc = 'WLIF20120047'
>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikePerc
>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikeWoPerc
>>>>
>>>
>>>So Boris,
>>>
>>>are you telling me to always add the % on at the end of the string I pass?
>>
>>Yes (of course when you use LIKE operator :-)).
>
>But when I run your sample code I get results for both SELECTs, so I don't need the % to get the correct result.
>
>Somebody has indicated that my type of code is susceptible to SQL Injection. I thought the use of Parameters made that impossible. What do you say?
Your code is not a subject to SQL injection since you're using parameters.
If it's not broken, fix it until it is.
My Blog