Database

 
Question: SQL Server 2008 - Number Manipulation (ac011, 21-Oct-10 7:59)
Answer: Re: SQL Server 2008 - Number Manipulation (Eddy Vluggen, 21-Oct-10 11:05)
Answer: Re: SQL Server 2008 - Number Manipulation (RyanEK, 21-Oct-10 15:39)
General: Re: SQL Server 2008 - Number Manipulation (ac011, 22-Oct-10 0:07)
Question: Update query does not affects matched (Abdul-Rhman Alsri, 21-Oct-10 6:28)
Answer: Re: Update query does not affects matched (Eddy Vluggen, 21-Oct-10 11:02)
Question: Stored Procedure (Nath, 20-Oct-10 23:19)
Answer: Re: Stored Procedure (J4amieC, 21-Oct-10 0:38)
EXEC (str)


or

sp_executesql str


But both are awful ways to implement a search query - and I'm betting you're passing textbox values directly into the SP - opening you up to SQL injection attacks.


You should be doing it like the following, passing null for any params where you don't have a value (or not passing them at all, and taking the default, null).

SQL
CREATE PROCEDURE sp_srch(
@empid varchar(10) = NULL, 
@empname varchar(45) = NULL,
@mobileno varchar(15) = NULL,
@bloodgroup varchar(5) = NULL)
AS
BEGIN
-- Each filter is skipped when its parameter is NULL; values are only ever
-- used as LIKE patterns, never concatenated into a statement string.
select Emp_Id,First_Name,Last_Name,Gender,Mobile_No,Email_id,Blood_Group 
from Employee 
where (@empID IS NULL OR emp_id like '%' + @empID + '%')
and (@empName IS NULL OR first_name like '%' + @empName + '%')
and (@mobileno IS NULL OR mobile_no like '%' + @mobileno + '%')
and (@bloodgroup IS NULL OR blood_group like '%' + @bloodgroup+ '%')
END
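
Added example, not part of the original post: a T-SQL batch contrasting a concatenated search string run with EXEC against the static, parameter-only form used in sp_srch. It goes one step beyond the post by also showing that parameters still leave LIKE wildcards active; the #Employee temp table, its rows and the input values are constructed for illustration.

```sql
-- Constructed sample data; #Employee stands in for the thread's Employee table.
CREATE TABLE #Employee (Emp_Id varchar(10), First_Name varchar(45));
INSERT INTO #Employee VALUES ('E001', 'Asha');
INSERT INTO #Employee VALUES ('E002', 'Ben');
INSERT INTO #Employee VALUES ('E003', 'C_ara');

-- Constructed text-box value containing a quote and SQL syntax.
DECLARE @empname varchar(45) = ''' OR 1=1 --';

-- 1) Concatenated string run with EXEC: the quote in @empname closes the
--    literal early, so the rest of the value is parsed as part of the WHERE clause.
DECLARE @str nvarchar(400) =
    N'select Emp_Id, First_Name from #Employee where First_Name like ''%'
    + @empname + N'%''';
EXEC (@str);

-- 2) Static statement in the style of sp_srch: @empname is only ever a value
--    in the LIKE pattern, so the same input is compared as text.
select Emp_Id, First_Name
from #Employee
where (@empname IS NULL OR First_Name like '%' + @empname + '%');

-- 3) Parameters do not neutralise LIKE wildcards. A search for a literal
--    underscore matches any single character unless it is escaped.
DECLARE @term varchar(45) = '_';
DECLARE @escaped varchar(200) =
    REPLACE(REPLACE(REPLACE(REPLACE(@term, '\', '\\'), '%', '\%'), '_', '\_'), '[', '\[');

select Emp_Id, First_Name          -- unescaped: '_' acts as a wildcard
from #Employee
where First_Name like '%' + @term + '%';

select Emp_Id, First_Name          -- escaped: '_' is matched literally
from #Employee
where First_Name like '%' + @escaped + '%' ESCAPE '\';

DROP TABLE #Employee;
```

Run the batch as a single unit in one session so the variables and the temp table stay in scope for every statement.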

General: Re: Stored Procedure (Mycroft Holmes, 21-Oct-10 14:04)
General: Re: Stored Procedure (J4amieC, 21-Oct-10 22:48)
General: Re: Stored Procedure (Mycroft Holmes, 22-Oct-10 1:52)
Question: Return name and identity for all tables (yippiecoder, 20-Oct-10 11:55)
Answer: Re: Return name and identity for all tables (Blue_Boy, 20-Oct-10 22:12)
General: Re: Return name and identity for all tables (David Skelly, 20-Oct-10 23:40)
Question: I want your help (Lamis Radman, 19-Oct-10 10:31)
Answer: Re: I want your help (Pete O'Hanlon, 20-Oct-10 1:02)
Question: Xml datatype vs cdc (Ebube, 19-Oct-10 7:47)
Answer: Re: Xml datatype vs cdc (Mycroft Holmes, 19-Oct-10 13:22)
General: Re: Xml datatype vs cdc (Ebube, 21-Oct-10 6:37)
Question: how to use % symbol in Like statement. (shiva.kore, 18-Oct-10 22:13)
Answer: Re: how to use % symbol in Like statement. (thatraja, 18-Oct-10 22:21)
Question: Message Removed (eddieangel, 18-Oct-10 9:03)
Answer: Re: Normalization / Referential Integrity (Eddy Vluggen, 18-Oct-10 9:21)
Answer: Re: Normalization / Referential Integrity (Chris Meech, 18-Oct-10 9:43)
Answer: Re: Normalization / Referential Integrity [modified] (PIEBALDconsult, 18-Oct-10 10:00)
