>>>>>I don't understand why my code isn't working as I use the identical technique in another SP and it works wonderfully
>>>>
>>>>But this works:
>>>>
>>>>DECLARE @Test TABLE (Fld1 NVARCHAR(50))
>>>>INSERT INTO @Test VALUES ('WLIF20120047')
>>>>DECLARE @LikePerc nvarchar(50)
>>>>DECLARE @LikeWoPerc nvarchar(50)
>>>>SET @LikePerc = 'WLIF20120047%'
>>>>SET @LikeWoPerc = 'WLIF20120047'
>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikePerc
>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikeWoPerc
>>>>
>>>
>>>So Boris,
>>>
>>>are you telling me to always add the % on at the end of the string I pass?
>>
>>Yes (of course when you use LIKE operator :-)).
>
>But when I run your sample code I get results for both SELECTs, so I don't need the % to get the correct result.
>
>Somebody has indicated that my type of code is susceptible to SQL Injection. I thought the use of Parameters made that impossible. What do you say?
Check this thread:
http://social.msdn.microsoft.com/Forums/en-US/transactsql/thread/334ec7b9-5c5c-4860-9418-2b75c0489f01
and especially the reply from Erland Sommarskog and his links.
If it's not broken, fix it until it is.
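Added example, not part of any post in this thread: a T-SQL sketch of the question above, showing where a parameter used with LIKE stays data and where it stops being one. The temp table `#Test`, the variable names and every sample value are constructed for illustration; it assumes SQL Server 2008 or later.

```sql
-- Constructed sample data (modelled on the @Test table quoted above).
-- A temp table is used because table variables are not visible to dynamic SQL.
CREATE TABLE #Test (Fld1 NVARCHAR(50));
INSERT INTO #Test VALUES (N'WLIF20120047'), (N'WLIF20120048'), (N'OTHER0001');

-- Constructed caller input containing a quote and extra SQL text.
DECLARE @Input NVARCHAR(50) = N'x'' OR 1=1 --';

-- 1) Static SQL: the parameter is only ever a value. The quote and the OR
--    are part of the LIKE pattern, not part of the statement.
SELECT Fld1 FROM #Test WHERE Fld1 LIKE @Input + N'%';

-- 2) Vulnerable form: a procedure that concatenates the parameter into a
--    string and executes it. The value becomes statement text, so the
--    predicate is rewritten even though the caller "used a parameter".
DECLARE @Sql NVARCHAR(400);
SET @Sql = N'SELECT Fld1 FROM #Test WHERE Fld1 LIKE ''' + @Input + N'%''';
PRINT @Sql;   -- inspect the statement that will actually run
EXEC (@Sql);

-- 3) Hardened dynamic SQL: keep the parameter a parameter all the way down
--    by passing it to sp_executesql instead of concatenating it.
SET @Sql = N'SELECT Fld1 FROM #Test WHERE Fld1 LIKE @p + N''%''';
EXEC sp_executesql @Sql, N'@p NVARCHAR(50)', @p = @Input;

-- 4) Separate from injection: parameters do not neutralise LIKE wildcards.
--    A caller who sends % or _ widens the match. If the input is meant as a
--    literal prefix, escape the wildcard characters and declare the escape.
DECLARE @Raw NVARCHAR(50) = N'%';
DECLARE @Esc NVARCHAR(200) =
    REPLACE(REPLACE(REPLACE(REPLACE(@Raw,
        N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[');

SELECT Fld1 FROM #Test WHERE Fld1 LIKE @Raw + N'%';              -- wildcard honoured
SELECT Fld1 FROM #Test WHERE Fld1 LIKE @Esc + N'%' ESCAPE N'\';  -- treated literally

DROP TABLE #Test;
```

When reviewing a stored procedure for this, search its body for `EXEC(` or `sp_executesql` calls whose statement string is built with `+` from a parameter; a parameter that only appears in static statements is not an injection path.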