Saturday, February 25, 2012

2005 Stored Procedure Question - How to pass in additional LIKE conditions

Hi Paparush,

I believe the problem is because you're mixing up dynamic SQL with
static SQL.
The @SearchTerm variable that you are building up can not be used to
specify additional LIKE criteria for the Subject column, each LIKE
condition needs to be individually coded into your static SQL.

The alternative is to build the entire SELECT as dynamic SQL. This
provides additional flexibility, but there are performance and
security implications when doing this (google SQL injection).

Good luck!
J

On Dec 17, 10:33 am, jhofm...@.googlemail.com wrote:

> Hi Paparush,
>
> I believe the problem is because you're mixing up dynamic SQL with
> static SQL.
> The @SearchTerm variable that you are building up can not be used to
> specify additional LIKE criteria for the Subject column, each LIKE
> condition needs to be individually coded into your static SQL.
>
> The alternative is to build the entire SELECT as dynamic SQL. This
> provides additional flexibility, but there are performance and
> security implications when doing this (google SQL injection).
>
> Good luck!
> J


Hi J,
Thanks for the reply.

Yes, the dynamic SQL is the approach I've been trying all morning and
I've gotten it to work. I have to build the entire SELECT string in
my app's code, based on the search term the user enters and then stuff
this into @SearchTerm and pass this string into the code below.

-- @SearchTerm holds the complete SELECT string built by the application
declare @SearchTerm nvarchar(max)

EXEC sp_executesql @SearchTerm
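
Added example, not part of the thread: one way to get a variable number of LIKE conditions on Subject from dynamic SQL while keeping the user's search terms out of the statement text, which is the SQL injection concern raised above. The table dbo.Messages, its MessageId column, the procedure name, the three-term limit and the choice of AND between conditions are assumptions made for illustration; the syntax stays within what SQL Server 2005 supports.

```sql
-- Constructed sample table and rows (hypothetical names, not from the thread).
CREATE TABLE dbo.Messages (
    MessageId int IDENTITY PRIMARY KEY,
    Subject   nvarchar(200) NOT NULL
);
INSERT INTO dbo.Messages (Subject)
SELECT N'Budget review for Q3' UNION ALL
SELECT N'Q3 budget: what''s left' UNION ALL
SELECT N'Holiday schedule';
GO

CREATE PROCEDURE dbo.SearchSubjects
    @Term1 nvarchar(100),
    @Term2 nvarchar(100) = NULL,
    @Term3 nvarchar(100) = NULL
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql  nvarchar(max),
            @pat1 nvarchar(102), @pat2 nvarchar(102), @pat3 nvarchar(102);

    -- Turn each term into a LIKE pattern held in a variable.
    -- NULL + text stays NULL, so unused terms remain NULL.
    SET @pat1 = N'%' + @Term1 + N'%';
    SET @pat2 = N'%' + @Term2 + N'%';
    SET @pat3 = N'%' + @Term3 + N'%';

    -- Only fixed text is concatenated into the statement; user input never is.
    SET @sql = N'SELECT MessageId, Subject FROM dbo.Messages WHERE Subject LIKE @p1';
    IF @pat2 IS NOT NULL SET @sql = @sql + N' AND Subject LIKE @p2';
    IF @pat3 IS NOT NULL SET @sql = @sql + N' AND Subject LIKE @p3';

    -- The patterns travel as parameters, so a quote inside a term is data, not SQL.
    -- sp_executesql accepts declared parameters that the statement does not use.
    EXEC sp_executesql @sql,
        N'@p1 nvarchar(102), @p2 nvarchar(102), @p3 nvarchar(102)',
        @p1 = @pat1, @p2 = @pat2, @p3 = @pat3;
END
GO

-- One term, then two terms where the second contains a single quote.
EXEC dbo.SearchSubjects @Term1 = N'budget';
EXEC dbo.SearchSubjects @Term1 = N'budget', @Term2 = N'what''s';
```

LIKE wildcards typed by the user (%, _, [) still act as wildcards inside a parameter; escape them if terms must match literally.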
