Stored Procedure returning no results
Message
From: 30/05/2012 15:24:35
To: 30/05/2012 14:29:25, Mike Yearwood, Toronto, Ontario, Canada
General information
Forum: Microsoft SQL Server
Category: Stored procedures, Triggers, UDFs
Environment versions
SQL Server: SQL Server 2008
Miscellaneous
Thread ID: 01544680
Message ID: 01544820
Views: 26
>>>>>>I don't understand why my code isn't working as I use the identical technique in another SP and it works wonderfully
>>>>>
>>>>>But this works:
>>>>>
>>>>>DECLARE @Test TABLE (Fld1 NVARCHAR(50))
>>>>>INSERT INTO @Test VALUES ('WLIF20120047')
>>>>>DECLARE @LikePerc nvarchar(50)
>>>>>DECLARE @LikeWoPerc nvarchar(50)
>>>>>SET @LikePerc = 'WLIF20120047%'
>>>>>SET @LikeWoPerc = 'WLIF20120047'
>>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikePerc
>>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikeWoPerc
>>>>>
>>>>
>>>>So Boris,
>>>>
>>>>are you telling me to always add the % on at the end of the string I pass?
>>>
>>>Yes (of course when you use LIKE operator :-)).
>>
>>But when I run your sample code I get results for both SELECTs, so I don't need the % to get the correct result.
>>
>>Somebody has indicated that my type of code is susceptible to SQL Injection. I thought the use of Parameters made that impossible. What do you say?
>
>Hi Frank
>
>There are many misconceptions about SQLIA. You should explain to that person that your code specifically is passing user entries as parameters to sp_executesql which makes this safe.

Thanks Mike. How do you know my code is doing this?
Frank.

Frank Cazabon
Samaan Systems Ltd.
www.samaansystems.com
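
The difference described in the quoted reply, between passing a user entry as an sp_executesql parameter and concatenating it into the statement text, shown as an added T-SQL example that is not part of the original thread and is not Frank's stored procedure. The #Test table, its rows and the input values are constructed; a temp table stands in for the thread's @Test table variable.

```sql
-- Constructed sample data. A temp table is used because dynamic SQL cannot
-- see a table variable such as @Test declared in the calling batch.
CREATE TABLE #Test (Fld1 NVARCHAR(50));
INSERT INTO #Test VALUES (N'WLIF20120047'), (N'WLIF20120048'), (N'ABCD20120001');

-- Constructed user entry containing quote characters.
DECLARE @UserEntry NVARCHAR(50) = N'ZZZ'' OR ''1''=''1';
DECLARE @Sql NVARCHAR(400);

-- 1) Concatenation: the entry becomes part of the statement text, so its
--    quotes close the LIKE literal and the rest is parsed as SQL.
SET @Sql = N'SELECT Fld1 FROM #Test WHERE Fld1 LIKE ''' + @UserEntry + N'''';
PRINT @Sql;   -- inspect the statement: the WHERE clause has gained an OR predicate
EXEC (@Sql);

-- 2) sp_executesql parameter: the statement text is fixed and the entry is
--    bound as a value, so it is only ever compared against Fld1.
SET @Sql = N'SELECT Fld1 FROM #Test WHERE Fld1 LIKE @Pattern';
EXEC sp_executesql @Sql, N'@Pattern NVARCHAR(50)', @Pattern = @UserEntry;

-- 3) A bound value is still a LIKE pattern: %, _ and [ typed by the user act
--    as wildcards. Escape them when a literal prefix match is intended.
DECLARE @Typed NVARCHAR(50) = N'%';
DECLARE @Pattern NVARCHAR(110) =
    REPLACE(REPLACE(REPLACE(REPLACE(@Typed,
        N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[') + N'%';
SET @Sql = N'SELECT Fld1 FROM #Test WHERE Fld1 LIKE @Pattern ESCAPE N''\''';
EXEC sp_executesql @Sql, N'@Pattern NVARCHAR(110)', @Pattern = @Pattern;

DROP TABLE #Test;
```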