Stored Procedure returning no results

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Stored Procedure returning no results

Message

From

01/06/2012 11:55:32

Naomi Nosonovsky
Wisconsin, United States

30/05/2012 10:18:26

Frank Cazabon
Samaan Systems Ltd
St Augustine, Trinidad

General information

Forum:

Microsoft SQL Server

Category:

Stored procedures, Triggers, UDFs

Title:

Re: Stored Procedure returning no results

Environment versions

SQL Server:

SQL Server 2008

Miscellaneous

Thread ID:

01544680

Message ID:

01545069

Views:

>>>>>I don't understand why my code isn't working as I use the identical technique in another SP and it works wonderfully
>>>>
>>>>But this works:
>>>>

>>>>DECLARE @Test TABLE (Fld1 NVARCHAR(50))
>>>>INSERT INTO @Test VALUES ('WLIF20120047')
>>>>DECLARE @LikePerc nvarchar(50)
>>>>DECLARE @LikeWoPerc nvarchar(50)
>>>>SET @LikePerc = 'WLIF20120047%'
>>>>SET @LikeWoPerc = 'WLIF20120047'
>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikePerc
>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikeWoPerc
>>>>

>>>
>>>So Boris,
>>>
>>>are you telling me to always add the % on at the end of the string I pass?
>>
>>Yes (of course when you use LIKE operator :-)).
>
>But when I run your sample code I get results for both SELECTs, so I don't need the % to get the correct result.
>
>Somebody has indicated that my type of code is susceptible to SQL Injection. I thought the use of Parameters made that impossible. What do you say?

Check this thread http://social.msdn.microsoft.com/Forums/en-US/transactsql/thread/334ec7b9-5c5c-4860-9418-2b75c0489f01 and especially reply from Erland Sommarskog and his links.

If it's not broken, fix it until it is.

My Blog

Map

View

Click here to load this message in the networking platform