By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,732 Members | 842 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,732 IT Pros & Developers. It's quick & easy.

build sql query

P: n/a
How do I do this with parameterized query?
without parameterized query:
string search = "hello world search";

search = search.Replace(" ", " AND ");

SELECT * FROM TABLE1 WHERE TEXT LIKE '%' + @search + '%'
parameterized query:

SELECT * FROM TABLE1 WHERE TEXT LIKE '%' + @search + '%'

cmd.Parameters.Add("@search", SqlDbType.NVarChar).Value = search;

basically I am trying to perform a search where all the words in the
search string are present.

Howard

Nov 19 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Howard,

You specify parameters in a text query with a question mark.

So your sql would look like:

SqlCommand.CommandText = "SELECT * FROM TABLE1 WHERE TEXT LIKE '%'?'%'";
SqlCommand.CommandType = CommandType.Text;
SqlCommand.Parameters.Add("@search", SqlDbType.NVarChar).Value = search;
--
Sincerely,

S. Justin Gengo, MCP
Web Developer / Programmer

www.aboutfortunate.com

"Out of chaos comes order."
Nietzsche
"Howard" <ho*******@yahoo.com> wrote in message
news:11*********************@g44g2000cwa.googlegro ups.com...
How do I do this with parameterized query?
without parameterized query:
string search = "hello world search";

search = search.Replace(" ", " AND ");

SELECT * FROM TABLE1 WHERE TEXT LIKE '%' + @search + '%'
parameterized query:

SELECT * FROM TABLE1 WHERE TEXT LIKE '%' + @search + '%'

cmd.Parameters.Add("@search", SqlDbType.NVarChar).Value = search;

basically I am trying to perform a search where all the words in the
search string are present.

Howard

Nov 19 '05 #2

P: n/a
try an array and a loop:
string search = "hello world search";
cmd.CommandText= "select * from table1";
string sep = " where "
string[] terms = search.Split(' ');
for (int i =0; i < terms.length; ++i)
{
string pname = "@search" + i.ToString;
cmd.CommandText += sep + string.format("text like '%' + {0} +
'%'",pname);
cmd.Parameters.Add(pname, SqlDbType.NVarChar).Value = terms[i];
sep = " or ";
}
-- bruce (sqlwork.com);
"Howard" <ho*******@yahoo.com> wrote in message
news:11*********************@g44g2000cwa.googlegro ups.com...
How do I do this with parameterized query?
without parameterized query:
string search = "hello world search";

search = search.Replace(" ", " AND ");

SELECT * FROM TABLE1 WHERE TEXT LIKE '%' + @search + '%'
parameterized query:

SELECT * FROM TABLE1 WHERE TEXT LIKE '%' + @search + '%'

cmd.Parameters.Add("@search", SqlDbType.NVarChar).Value = search;

basically I am trying to perform a search where all the words in the
search string are present.

Howard

Nov 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.