Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
matto456
Starting Member
2 Posts |
 Posted - 2014-11-26 : 12:59:36
|
| Using a full search index with the following query works with just one parameter.declare @P0 varchar(50) = '"First*"'SELECT * FROM TableName where contains ((Col1, Col2), @P0)How do I make it work if I have two parameters, while also protecting the parameters from injection attacks?declare @P0 varchar(50) = '"First*"'declare @P1 varchar(50) = '"Second*"'SELECT * FROM TableName where contains ((Col1, Col2), @P0 AND @P1)If they weren't parameters, you put single quotes around the ' @P0 AND @P1' to get this query to work. Any suggestions? |
|
|
bitsmed
Aged Yak Warrior
545 Posts |
Posted - 2014-11-27 : 19:40:28
|
| How about:where contains((Col1,Col2),@P0) and contains((Col1,Col2),@P1) |
 |
|
|
matto456
Starting Member
2 Posts |
Posted - 2014-12-01 : 09:31:13
|
| Thanks so much for the reply. That does work, but it appears to slow down the execution time. Can you think of another solution? |
|
|
|
|
|
|
Multiple Parameters Using Full Search Index