I want to make this kind of query:
create procedure something
#name varchar(13)
as
begin
select *
from WORKER
where NAME LIKE "%#name%"
end
For input #name=ho, I want output every row that contains NAME which sounds ho,
for example HOuse, soHO, broHOw...
Select * from WORKER where Name Like '%' + #name + '%'
create procedure something
#name varchar(13)
as
begin
select * from WORKER
where NAME LIKE '%' + #name + '%'
end
Related
Is there anything equivalent to the LIKE we use with varchar that can be used with int?
I want to filter with three parameters, two of them are varchar so I can use LIKE and in case I get an empty string I still can retrieve all records. But how can I achieve similar thing with an int
I want to retrieve even if fkProductTypeID doesn't exist:
This is my query:
select * from Product
where Code like '%'+ #code +'%' AND name LIKE '%'+ #name +'%'
AND fkProductTypeID = #ptype
I want it to be able to retrieve results even when I supply an ID that doesn't exist. From front-end, if I pass ' ' in #code,' ' in #name and 0 in #ptype I want it to retrieve all records
You could use this:
select * from Product
where Code like '%'+ #code +'%' AND name LIKE '%'+ #name +'%'
AND (#ptype IS NULL OR fkProductTypeID = #ptype)
if it's in a stored-procedure you should use an IF ... ELSE:
CREATE PROCEDURE dbo.SP_Name(#ptype int, #code varchar(1000), #name varchar(1000))
AS
BEGIN
IF #ptype IS NULL
BEGIN
select * from Product
where Code like '%'+ #code +'%' AND name LIKE '%'+ #name +'%'
END
ELSE
BEGIN
select * from Product
where Code like '%'+ #code +'%' AND name LIKE '%'+ #name +'%'
AND fkProductTypeID = #ptype
END
END
Is this what you want?
select *
from Product
where Code like '%'+ #code +'%' AND name LIKE '%'+ #name +'%' AND
(fkProductTypeID = #ptype or #ptype is null);
The value '' doesn't make sense for an integer. And, don't mix types for comparisons. Just use NULL for this purpose.
Its possible in this way
select * from Product
where CASE WHEN #code>0 THEN Code ELSE 0 END like '%'+ #code +'%'
AND name LIKE '%'+ #name +'%'
AND fkProductTypeID = #ptype
Is concatenating parameter values with % in stored procedures safe from SQL injection?
I have a stored procedure that allows the user to do searches for records that contain the given value in the columns of a table:
CREATE PROC sp_Search
#SearchValue NVARCHAR(255)
AS
BEGIN
SELECT * FROM TableA WHERE ColumnA LIKE '%' + #SearchValue + '%' OR ColumnB LIKE '%' + #SearchValue + '%'
END
can you do ?
CHARINDEX(#SearchValue, [COLUMNA]) > 0
OR CHARINDEX(#SearchValue, [COLUMNB]) > 0
I have 2 input parameters and I want to search users where a part o the username is #Username and a part of the name is #Name that this users part of usernames is #Username and part of name is #Name
SELECT *
FROM tbl_answer
WHERE
an_del = 0
AND u_username = ISNULL(LIKE %#Username%, u_username) OR
u_name = ISNULL(LIKE #Name, u_name)
How I can use LIKE in this stored procedure?
CREATE PROC dbo.SearchAnswers
#Username nvarchar(20),
#Name nvarchar(20)
AS
SELECT *
FROM tbl_answer
WHERE an_del=0 and u_username LIKE '%' + ISNULL(#Username, u_username) + '%'
OR u_name LIKE ISNULL(#Name, u_name)
Example for a SQLServer2008
You need to use dynamic sql, for example sql server:
create procedure MyProc
(
#Username varchar(30),
#Name varchar(30)
)
as
begin
exec ('SELECT * from tbl_answer where an_del=0 and
u_username=isnull(like ''%'+#Username+'%'',u_username)
or u_name=isnull(like '''+#Name+''',u_name)')
end
I want to perform a small SQL server search in my ASP.NET web project. My database is not big so I think it's better not to use full-text-search.
I want to perform a simple search like this:
select * from mytable where columnA LIKE '%something%'
I can use = in the following way:
select * from mytable where columnA='"+myVariable+"'
but how can I use a variable instead of %something% in the LIKE phrase?
Is this correct:
LIKE '"+%myVariable%+"'?
Use:
where columnA LIKE '%' + myVariable + '%'
WHERE
columnName LIKE '%' + myVarCharVariable +'%'
Try this query:
select * from tablename where colname like '%' + #varname + '%'
Hope it helps.
I just tried this and found you can do as below:
SELECT * FROM whatever WHERE column LIKE '%'+#var+'%'
DECLARE #myVariable varchar(MAX)
SET #myVariable = 'WhatYouAreLookingFor'
SELECT * FROM mytable
WHERE columnA LIKE '%' + #myVariable + '%'
In case someone else stumbles into this post like I did. On SSMS 2012 with a SQL 2012 Server back end I was able to use code as follows without issues.
Declare #MyVariable
Set #MyVariable = '%DesiredString%'
Select *
From Table_A
Where Field_A like #MyVariable
Then each time you want to change the Desired String just change it at the Set statement.
I know this post was made prior to 2012 that is why I am mentioning it in case someone with a newer setup looks up this post.
Well you could do something like:
var query = "SELECT * FROM MyTable WHERE columnA LIKE '%" + myVariable + "%'";
If you are worried about sql injection, try something like this instead. It's more complex, but it works and should satisfy security requirements. Let's say someone passed a value into your stored procedure using a parameter called "#searchstring".
DECLARE #searchString nvarchar(100) = 'test',
#SQL nvarchar(max),
#foundSearchHit bit,
#paramdef nvarchar(max) = '#foundSearchHit bit OUTPUT'
SET #searchstring = '%' + #searchString + '%'
SET #SQL = '
SELECT TOP 1 #foundSearchHit = 1
FROM sys.databases WHERE [name] like ' +
QUOTENAME(#searchString,'''')
EXEC sp_executeSQL #SQL, #paramdef, #foundSearchHit = #foundSearchHit OUTPUT
SELECT #foundSearchHit
That should do the trick.
Im using Microsoft SQL Server which I think is T-SQL or ANSI SQL.
I want to search a database with a string. The matches that fit the begging of the string should come first then sort alphabetically.
I.e. If the table contains FOO, BAR and RAP
a search for the string 'R' should yield:
RAP
BAR
In that order.
Here is my attempt:
SELECT Name
FROM MyTable
WHERE (Name LIKE '%' + #name + '%')
ORDER BY (IF(Name LIKE #name + '%',1,0))
The error message is: "must declare scalar variable #name"
declare #name varchar(10)
set #name='R'
SELECT Name
FROM (select 'foo' as name union select 'RAP' union select 'BAR') MyTable
WHERE (Name LIKE '%' + #name + '%')
ORDER BY charindex(#name ,name)
.
DECLARE #name VARCHAR(MAX);
SET #name = 'foo';
SELECT Name
FROM MyTable
WHERE Name LIKE '%' + #name + '%'
ORDER BY CASE WHEN Name LIKE #name + '%' THEN 1 ELSE 0 END;
Other solutions seem to miss the "sort alphabetically" part:
DECLARE #Search VARCHAR(MAX)
SET #Search = 'R'
SELECT 0, Name
FROM MyTable
WHERE Name LIKE #Search + '%'
UNION ALL
SELECT 1, Name
FROM MyTable
WHERE Name like '%_' + #Search + '%'
ORDER BY 1, 2
Seems that you missed variable declaration:
DECALRE #name varchar(50) -- adjust type and length of variable
SET #name = 'phrase' -- for MSSQL 2008 you can do it in one line