[RESOLVED] incorrect syntax near % sql parameter

Printable View

Mar 4th, 2010, 09:43 AM
KGComputers

[RESOLVED] incorrect syntax near % sql parameter

Hi,

I have this sql statement which will be passed to sql server 2008. This works fine.

Code:

string query = "Select * from Patient where LastName like '" + family + "%'";

However, when i tried to use a parameterized query like this:

Code:

string query = "Select * from Patient where LastName like '" + "@family" + " %'";

it gives me an error.

I tried putting a blank space before the @ sign. but its not doing right.

Any ideas? Btw, @family is sqldbtype.varchar.

tnx
Mar 4th, 2010, 09:51 AM
GaryMazzone

Re: incorrect syntax near % sql parameter

Remove the qoutes around the parameter
Mar 4th, 2010, 09:51 AM
techgnome

Re: incorrect syntax near % sql parameter

Bravo for attempting to use parameters....

Just need a little tweaking...

Code:

string query = "Select * from Patient where LastName like (@family + '%')";

First problem was that you had your parameter inside of tick marks, making it a literal string... which isn't what you want... but the "%" does need to be a literal... and it just simply needs to be added to the parameter. Viola!

-tg
Mar 4th, 2010, 09:57 AM
KGComputers

Re: incorrect syntax near % sql parameter

Hi tg and gary,

Code:

Bravo for attempting to use parameters....

Ur welcome, we had this practice to use sql parameters when talking to sql server to prevent injections.

Code:

string query = "Select * from Patient where LastName like (@family + '%')";

Works like a charm...thanks...I'll put this topic under my signature..

Greg

All times are GMT -5. The time now is 07:27 PM.