Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Stored Procedure returning no results
Message
From
01/06/2012 18:28:49
Frank Cazabon
Samaan Systems Ltd
St Augustine, Trinidad
 
General information
Forum:
Microsoft SQL Server
Category:
Stored procedures, Triggers, UDFs
Title:
Re: Stored Procedure returning no results
Environment versions
SQL Server:
SQL Server 2008
Miscellaneous
Thread ID:
01544680
Message ID:
01545119
Views:
30
>>>>>>I don't understand why my code isn't working as I use the identical technique in another SP and it works wonderfully
>>>>>
>>>>>But this works:
>>>>>
>>>>>DECLARE @Test TABLE (Fld1 NVARCHAR(50))
>>>>>INSERT INTO @Test VALUES ('WLIF20120047')
>>>>>DECLARE @LikePerc nvarchar(50)
>>>>>DECLARE @LikeWoPerc nvarchar(50)
>>>>>SET @LikePerc = 'WLIF20120047%'
>>>>>SET @LikeWoPerc = 'WLIF20120047'
>>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikePerc
>>>>>SELECT * FROM @Test WHERE Fld1 LIKE @LikeWoPerc
>>>>>
>>>>
>>>>So Boris,
>>>>
>>>>are you telling me to always add the % on at the end of the string I pass?
>>>
>>>Yes (of course when you use LIKE operator :-)).
>>
>>But when I run your sample code I get results for both SELECTs, so I don't need the % to get the correct result.
>>
>>Somebody has indicated that my type of code is susceptible to SQL Injection. I thought the use of Parameters made that impossible. What do you say?
>
>Check this thread http://social.msdn.microsoft.com/Forums/en-US/transactsql/thread/334ec7b9-5c5c-4860-9418-2b75c0489f01 and especially reply from Erland Sommarskog and his links.

Thanks, that is where I believe I first got the way to do this SP.
Frank.

Frank Cazabon
Samaan Systems Ltd.
www.samaansystems.com
Previous
Reply
Map
View

Click here to load this message in the networking platform