parameters in search

I'm trying to use parameters in a search, but I can't get it right.

Before I add parameters this works:
string cmd =
"SELECT * " +
"FROM MyTable " +
"WHERE Title LIKE '%" + keyword + "%'";

Here is my code with parameters that doesn't work:
string cmd =
"SELECT * " +
"FROM MyTable " +
"WHERE Title LIKE '%@Keyword%'";

command.CommandText = cmd;
command.Parameters.Add(new SqlParameter("@Keyword", keyword));

What am I doing wrong?
--
Eirik Eldorsen

Nov 19 '05 #1
Erik,

Change to

"WHERE Title LIKE @Keyword";

and include the '%'s in the parameter value:

command.Parameters.Add(new SqlParameter("@Keyword",
String.Format("%{0}%",keyword)));

Eliyahu

Nov 19 '05 #2
Thank you!
Nov 19 '05 #3
Erik,
Goldin wrote:
> String.Format("%{0}%",keyword)));

This is very important.
Take care of the SQL injection.

T.Berimi

Nov 19 '05 #4

"Berimi" <be****@algeriecom.com> wrote in message
news:uK**************@TK2MSFTNGP12.phx.gbl...
> Erik,
> Goldin wrote:
>> String.Format("%{0}%",keyword)));
>
> This is very important.
> Take care of the SQL injection.
>
> T.Berimi

Using Parameters, there won't be any SQL Injections...

Mythran

Nov 19 '05 #5
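
An added example, not code from any poster in this thread: the parameterized search from the replies above, with the LIKE metacharacters in the user's keyword escaped. A parameter keeps the keyword out of the SQL text, but its value is still a LIKE pattern, so `%`, `_` and `[` typed by the user act as wildcards unless escaped. The class and method names, the connection string and the backslash escape character are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class TitleSearch
{
    // Escape the characters T-SQL LIKE treats as pattern syntax so the keyword
    // is matched literally. The escape character itself must be handled first.
    public static string EscapeLike(string value)
    {
        return value
            .Replace("\\", "\\\\")
            .Replace("%", "\\%")
            .Replace("_", "\\_")
            .Replace("[", "\\[");
    }

    public static DataTable Search(string connectionString, string keyword)
    {
        // The placeholder stands alone. Inside quotes ('%@Keyword%') it is
        // plain text and the parameter is never used.
        const string sql =
            "SELECT * " +
            "FROM MyTable " +
            "WHERE Title LIKE @Keyword ESCAPE '\\'";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // The wildcards the application wants are added around the
            // escaped keyword, in the parameter value, not in the SQL text.
            command.Parameters.Add("@Keyword", SqlDbType.NVarChar).Value =
                "%" + EscapeLike(keyword) + "%";

            var table = new DataTable();
            using (var adapter = new SqlDataAdapter(command))
            {
                adapter.Fill(table); // opens and closes the connection itself
            }
            return table;
        }
    }

    static void Main()
    {
        // Constructed input; this part needs no database.
        Console.WriteLine(EscapeLike("100%_[done]"));
    }
}
```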
