Jose,
I'm not sure this is really a C# language group question, but--
The SQL statement you show would be fine if it was inside a stored procedure
and the @PARAMxx parameter variables were sproc input parameters.
However if this is, instead, an inline string concatenation in a block of C#
code, it is very wrong. You should be using a parameterized query in which
case it would look more like the following:
string strSQL=@"SELECT * FROM Employee WHERE (Name LIKE '%' + @PARAM1 + '%')
AND (Name LIKE '%' + @PARAM2 + '%') AND (Company LIKE '%' + @PARAM3 + '%')"
then,
cmd.Parameters.AddWithValue("@PARAM1", txtBoxParam1.Text ); // etc.
Hope that helps.
-- Peter
http://www.eggheadcafe.com
unBlog:
http://petesbloggerama.blogspot.com
BlogMetaFinder:
http://www.blogmetafinder.com
"Jose Oliver" wrote:
I am a bit baffled on this error. A windows app written in C# is
attempting to execute the following query:
SELECT *
FROM Employee
WHERE (Name LIKE '%' + @PARAM1 + '%') AND (Name LIKE '%' + @PARAM2
+ '%') AND (Company LIKE '%' + @PARAM3 + '%')
I am getting the following error - "Input string was not in a correct
format."