|
-
Mar 4th, 2010, 09:43 AM
#1
 [RESOLVED] incorrect syntax near % sql parameter
Hi,
I have this sql statement which will be passed to sql server 2008. This works fine.
Code:
string query = "Select * from Patient where LastName like '" + family + "%'";
However, when i tried to use a parameterized query like this:
Code:
string query = "Select * from Patient where LastName like '" + "@family" + " %'";
it gives me an error.
I tried putting a blank space before the @ sign. but its not doing right.
Any ideas? Btw, @family is sqldbtype.varchar.
tnx
-
Mar 4th, 2010, 09:51 AM
#2
Re: incorrect syntax near % sql parameter
Remove the qoutes around the parameter
Sometimes the Programmer 
Sometimes the DBA 
Mazz1
-
Mar 4th, 2010, 09:51 AM
#3
Re: incorrect syntax near % sql parameter
Bravo for attempting to use parameters....
Just need a little tweaking...
Code:
string query = "Select * from Patient where LastName like (@family + '%')";
First problem was that you had your parameter inside of tick marks, making it a literal string... which isn't what you want... but the "%" does need to be a literal... and it just simply needs to be added to the parameter. Viola!
-tg
-
Mar 4th, 2010, 09:57 AM
#4
Re: incorrect syntax near % sql parameter
Hi tg and gary,
Code:
Bravo for attempting to use parameters....
Ur welcome, we had this practice to use sql parameters when talking to sql server to prevent injections.
Code:
string query = "Select * from Patient where LastName like (@family + '%')";
Works like a charm...thanks...I'll put this topic under my signature..
Greg
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
is a way of saying Thanks... 
Reply With Quote
