how to search a database with a stored procedure?

Discussion in 'ASP .Net' started by wilco, Aug 4, 2003.

  1. wilco

    wilco Guest

    hello,

    Can anyone tell me how to create a stored procedure that is able to
    search a table, or more tables, and can make use of wildcards?
    I just made something like this:
    SELECT * FROM tblUsers WHERE Adress LIKE '* Value from user who wants to
    search the database *'
    but I don't know where to place the @??? for the input.
    I also want to make it so the user can select which table and field he wants to
    search.

    thanks!!
    wilco, Aug 4, 2003
    #1

  2. Jerry III

    Jerry III Guest

    And when you do it like this someone will submit "%' GO DELETE tblUsers --"
    in your input box and wipe out your table (if the database user has enough
    privileges to do so).

    A better solution is to use the command object, like this:

    OleDbCommand cmd = new OleDbCommand();

    cmd.CommandText = "SELECT * FROM [tblUsers] WHERE [Address] LIKE @address";
    cmd.Parameters.Add("@address", "%" + txtAddress.Text + "%");

    Jerry

    "David Wier" <> wrote in message
    news:%...
    > Dim sAddress as String
    > sAddress=txtAddress.text
    > SQL = "SELECT * FROM tblUsers WHERE Adress Like '%" & sAddress & "%'"
    >
    > Put the % sign on the front and at the end, in order to search the entire
    > field
    >
    > Check out this 2 Part Tutorial on Parameterized Queries:
    > http://aspnet101.com/aspnet101/tutorials.aspx?id=1
    >
    > LIKE is covered in Part 2
    >
    > David Wier
    > http://aspnet101.com
    > http://aspexpress.com
    >
    >
    > "wilco" <> wrote in message
    > news:bgm62m$oou$...
    > > hello,
    > >
    > > Can anyone tell me how to create a stored procedure that is able to
    > > search a table, or more tables, and can make use of wildcards?
    > > I just made something like this:
    > > SELECT * FROM tblUsers WHERE Adress LIKE '* Value from user who wants to
    > > search the database *'
    > > but I don't know where to place the @??? for the input.
    > > I also want to make it so the user can select which table and field he
    > > wants to search.
    > >
    > > thanks!!
    Jerry III, Aug 4, 2003
    #2

  3. Xavier MT

    Xavier MT Guest

    Can I ask what is the difference?

    I just want to understand it....

    "Jerry III" <> wrote in message
    news:%23Z1C%...
    > And when you do it like this someone will submit "%' GO DELETE tblUsers --"
    > in your input box and wipe out your table (if the database user has enough
    > privileges to do so).
    >
    > A better solution is to use the command object, like this:
    >
    > OleDbCommand cmd = new OleDbCommand();
    >
    > cmd.CommandText = "SELECT * FROM [tblUsers] WHERE [Address] LIKE @address";
    > cmd.Parameters.Add("@address", "%" + txtAddress.Text + "%");
    >
    > Jerry
    >
    > "David Wier" <> wrote in message
    > news:%...
    > > Dim sAddress as String
    > > sAddress=txtAddress.text
    > > SQL = "SELECT * FROM tblUsers WHERE Adress Like '%" & sAddress & "%'"
    > >
    > > Put the % sign on the front and at the end, in order to search the entire
    > > field
    > >
    > > Check out this 2 Part Tutorial on Parameterized Queries:
    > > http://aspnet101.com/aspnet101/tutorials.aspx?id=1
    > >
    > > LIKE is covered in Part 2
    > >
    > > David Wier
    > > http://aspnet101.com
    > > http://aspexpress.com
    > >
    > >
    > > "wilco" <> wrote in message
    > > news:bgm62m$oou$...
    > > > hello,
    > > >
    > > > Can anyone tell me how to create a stored procedure that is able to
    > > > search a table, or more tables, and can make use of wildcards?
    > > > I just made something like this:
    > > > SELECT * FROM tblUsers WHERE Adress LIKE '* Value from user who wants to
    > > > search the database *'
    > > > but I don't know where to place the @??? for the input.
    > > > I also want to make it so the user can select which table and field he
    > > > wants to search.
    > > >
    > > > thanks!!
    Xavier MT, Aug 5, 2003
    #3
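
The difference asked about in post #3, as an added example that is not part of the thread or any poster's code: the concatenated query lets the input rewrite the SQL, while the bound parameter is only ever compared as data. It uses Python's built-in sqlite3 as a stand-in for the OleDb command; the sample rows, the `ALLOWED` allowlist, the `!` escape character and the function names are assumptions made for the illustration. It also goes one step beyond the thread by covering the original request to let the user pick the table and field, which cannot be bound as parameters and so are checked against an allowlist.

```python
import sqlite3

# Hypothetical allowlist: the only table/column names a user may choose from.
ALLOWED = {"tblUsers": {"Name", "Address"}}

def make_db():
    # Constructed sample data; table and column names follow the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblUsers (Name TEXT, Address TEXT)")
    db.executemany("INSERT INTO tblUsers VALUES (?, ?)",
                   [("Ann", "12 Main Street"), ("Bob", "7 Oak Lane"),
                    ("Cy", "100% Cotton Road")])
    return db

def search_concatenated(db, text):
    # Pattern from the quoted VB snippet: the input becomes part of the SQL text,
    # so a quote character in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT Name FROM tblUsers WHERE Address LIKE '%" + text + "%' ORDER BY Name"
    return [row[0] for row in db.execute(sql)]

def escape_like(text, esc="!"):
    # Make the LIKE wildcards typed by the user literal instead of pattern syntax.
    return text.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")

def search_parameterized(db, table, column, text):
    # Identifiers cannot be bound, so they must match the allowlist exactly.
    if column not in ALLOWED.get(table, ()):
        raise ValueError("table or column not allowed")
    sql = f"SELECT Name FROM [{table}] WHERE [{column}] LIKE ? ESCAPE '!' ORDER BY Name"
    # The value travels separately from the SQL text and is never parsed as SQL.
    return [row[0] for row in db.execute(sql, ("%" + escape_like(text) + "%",))]

if __name__ == "__main__":
    db = make_db()
    crafted = "zzz' OR 1=1 --"  # constructed input containing a quote
    print(search_concatenated(db, crafted))                          # every row
    print(search_parameterized(db, "tblUsers", "Address", crafted))  # no rows
```
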
