can a transfer an asterisk in a parameter? - SQL Server Forums

Home | Weblogs | Forums

Site Sponsored By: SQLDSC - SQL Server Desired State Configuration

Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

All Forums

General SQL Server Forums

New to SQL Server Programming

can a transfer an asterisk in a parameter?

Author

Topic

weitzhandler
Yak Posting Veteran

64 Posts

Posted - 2008-01-26 : 21:00:23

can I transfer sql characters (e.g. *,+,%,OR,AND etc.)
and other search keywords through a parameter (@example)?

TG
Master Smack Fu Yak Hacker

6065 Posts

Posted - 2008-01-26 : 21:22:08

obviously depends on the datatype of the parameter but sure.

declare @p varchar(100)
set @p = '*,+,%OR,AND'
select @p

Be One with the Optimizer
TG

TG
Master Smack Fu Yak Hacker

6065 Posts

Posted - 2008-01-26 : 21:31:20

quote:
Originally posted by weitzhandler

can I transfer sql characters (e.g. *,+,%,OR,AND etc.)
and other search keywords through a parameter (@example)?

oh, you mean you want to pass actual sql code (which you intend to exectue) via a parameter to a stored procedure? You would have to use dynamic sql. Doing that poses a significant security risk. Sql Injection and all...

Be One with the Optimizer
TG

weitzhandler
Yak Posting Veteran

64 Posts

Posted - 2008-01-26 : 21:33:37

quote:
Originally posted by TG
declare @p varchar(100)
set @p = '*,+,%OR,AND'
select @p

thanks for your wingy post...
I did not understand how to use the information you provided,
I will phrase it a different way:
I have a textbox in my application and I want to transfer the textbox content to a parameter in a sql query, but I want the user to be able to write '*' in order to retrieve the whole table data.

Shimi

TG
Master Smack Fu Yak Hacker

6065 Posts

Posted - 2008-01-26 : 22:22:35

wingy?

that code was just intended to be pasted into a query window and executed so you could see that the output in fact had the special characters intact - the same way they went in.

Sorry Shimi, I'm not clear on what part of your scenario you need help with. You last post didn't actually contain a question.

Be One with the Optimizer
TG

weitzhandler
Yak Posting Veteran

64 Posts

Posted - 2008-01-26 : 22:30:03

my problem is at this time, I use SQL CE, so I can't write strd. prcds.

so if there is a way to write my query in the table adapter it will solve my problem

Shimi

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources