like operator sql query

Question

0.00/5 (No votes)

See more:

i have written query:

SqlCommand cmd = new SqlCommand("select * from profile where name LIKE" +"%"+TextBox1.Text+ "%" , cnn);

this will give me error.what is problem in this?

Posted 2-Jan-13 7:42am

Member 9511889

Updated 2-Jan-13 7:43am

v2

Add a Solution

Comments

ridoy 2-Jan-13 14:28pm

What is the error?

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Karthik. A · Accepted Answer · 2013-01-02T07:55:00

Solution 1

Try changing that line to

SQL

SqlCommand cmd = new SqlCommand("select * from profile where name LIKE " +"'%"+TextBox1.Text+ "%'" , cnn);

You are missing a space (next to LIKE) and single quotes (before and after %)

Posted 2-Jan-13 7:55am

Karthik. A

Comments

ridoy 2-Jan-13 14:29pm

exactly..+5

[no name] 2-Jan-13 18:29pm

My 5 :)

Wendelius · Accepted Answer · 2013-01-02T08:13:00

Solution 2

As stated in the previous solution, the problem is the missing single quotes.

However, the correction is to properly use parameters (see SqlParameter[^]).

So the code should be something like:

C#

SqlCommand cmd = new SqlCommand("select * from profile where name LIKE @name" , cnn);
cmd.Parameters.Add("@name", SqlDbType.VarChar, 100).Value = string.Format("%{0}%", TextBox1.Text);
...

Without using parameters, you will be open to SQL injections, illegal character problems (single quote for example) etc.

Posted 2-Jan-13 8:13am

Wendelius

Comments

__TR__ 2-Jan-13 14:26pm

My 5!

Wendelius 4-Jan-13 15:05pm

Thanks :)

ridoy 2-Jan-13 14:29pm

Great..+5

Wendelius 4-Jan-13 15:05pm

Thank you :)

[no name] 2-Jan-13 18:29pm

My 5

Wendelius 4-Jan-13 15:06pm

Thanks :)