I am trying to do an SQL query such as
SELECT * FROM [TABLE] WHERE hostname LIKE '%myhostname%';
This works fine in plain SQL, but when I use System.Data.SQLite in C#, it only works with a literal, not a parameter, such as
string sel = "SELECT * FROM [TABLE] WHERE hostname LIKE '%@host%'";
...
command.Parameters.AddWithValue("@host", "myhostname");
This returns no results.
You can't do that. The parameters must be complete values - it's not just a string substitution into the SQL. You could do this instead:
string sel = "SELECT * FROM [TABLE] WHERE hostname LIKE @host";
...
command.Parameters.AddWithValue("@host", "%myhostname%");
Easiest way to do this is to use '||'
Use:
const string qry = "SELECT SiteNum FROM WorkTable WHERE WTName LIKE @wtName || '%' ";
Instead of:
const string qry = "SELECT SiteNum FROM WorkTable WHERE WTName LIKE @wtName%";
I have already answered here
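The three forms discussed in this thread, side by side, as an added example that is not part of the original posts. It assumes the System.Data.SQLite NuGet package; the hosts table and its rows are constructed sample data.

```csharp
// Added example, not from the original posts. Assumes the System.Data.SQLite
// NuGet package; the hosts table and its rows are constructed sample data.
using System;
using System.Data.SQLite;

static class LikeParameterDemo
{
    static void Exec(SQLiteConnection con, string sql)
    {
        using (var cmd = new SQLiteCommand(sql, con))
            cmd.ExecuteNonQuery();
    }

    // Runs a COUNT(*) query, binding value to @host when the SQL uses it.
    static long Count(SQLiteConnection con, string sql, string value)
    {
        using (var cmd = new SQLiteCommand(sql, con))
        {
            cmd.Parameters.AddWithValue("@host", value);
            return Convert.ToInt64(cmd.ExecuteScalar());
        }
    }

    static void Main()
    {
        using (var con = new SQLiteConnection("Data Source=:memory:"))
        {
            con.Open();
            Exec(con, "CREATE TABLE hosts (hostname TEXT)");
            Exec(con, "INSERT INTO hosts VALUES ('web-myhostname-01'), " +
                      "('myhostname.example.test'), ('db-other-02')");

            // Quoted: '%@host%' is a string literal, so nothing is bound and the
            // query looks for the characters "@host" themselves.
            Console.WriteLine("quoted placeholder: " + Count(con,
                "SELECT COUNT(*) FROM hosts WHERE hostname LIKE '%@host%'", "myhostname"));

            // Wildcards carried in the bound value.
            Console.WriteLine("wildcards in value: " + Count(con,
                "SELECT COUNT(*) FROM hosts WHERE hostname LIKE @host", "%myhostname%"));

            // Wildcards concatenated in SQL around the bound value.
            Console.WriteLine("|| concatenation:   " + Count(con,
                "SELECT COUNT(*) FROM hosts WHERE hostname LIKE '%' || @host || '%'", "myhostname"));
        }
    }
}
```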
I made a C# form to make a search on two values in one table. My table is called customers with string ID and string cust_name.
I need to make a search query that looks for the textbox Text either is found in ID or in cust_name, so I made this SQL query when textChanged sends this method
search(txt_search.Text);
SqlDataAdapter searchAdapter;
private void search(string id)
{
    searchAdapter = new SqlDataAdapter(@"Select * from Customers
        where cust_ID like '%' '" + id + "' '%' or
        cust_name like '%' '" + id + "' '%'", User.connection);
}
Please help me make it right..
As usual, use a parameterized query. Your error is in the concatenation of the string parts that make up your query. And it is a common situation that something is not as it should be. In your particular case there are some spaces that mess up the syntax. Anyway, parameters allow a clearer query text and avoid SQL injection and parsing errors.
private void search(string id)
{
    string cmdText = @"Select *
        from Customers
        where cust_ID like @id or
        cust_name like @id";
    searchAdapter = new SqlDataAdapter(cmdText, User.connection);
    // The wildcards travel inside the parameter value, not in the SQL text.
    searchAdapter.SelectCommand.Parameters.Add("@id", SqlDbType.NVarChar).Value = "%" + id + "%";
    // ... remainder of the code that uses the searchAdapter ...
}
I need to insert a string into an Sql Command
search.CommandText = "SELECT * FROM Contacts WHERE Name like ' + @person + % + '";
What is the right way of using LIKE in a command?
Should be:
SELECT * FROM Contacts WHERE Name like @person + '%'
@person is a parameter - you don't need single quotes around it. You only need to concatenate it with %, which should have quotes.
Keep in mind:
You could have kept it "SELECT * FROM Contacts WHERE Name like @person", and have the parameter value contain % (concatenate in C# is simpler to understand).
You may also want to escape other wildcard characters already in the string: %, _, [ and ].
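Even with a parameter, a search term of "%" typed by a user still acts as a wildcard and matches every row. The following added example, not part of the original answer, shows one way to neutralise the T-SQL LIKE metacharacters before binding. EscapeLike and BuildSearch are hypothetical helper names, the sample inputs are constructed, and System.Data.SqlClient is assumed as the provider.

```csharp
// Added example, not from the original posts. EscapeLike and BuildSearch are
// hypothetical helpers; the sample inputs in Main are constructed.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

static class LikeEscaping
{
    // Wrap each T-SQL LIKE metacharacter in brackets so it matches itself.
    // A closing bracket is literal outside a [...] set and needs no escaping.
    public static string EscapeLike(string input)
    {
        var sb = new StringBuilder(input.Length + 8);
        foreach (char c in input)
        {
            if (c == '%' || c == '_' || c == '[')
                sb.Append('[').Append(c).Append(']');
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Prefix search: the trailing wildcard is added in SQL, while the user's
    // text is bound as data with its own wildcards neutralised.
    public static SqlCommand BuildSearch(string person)
    {
        var cmd = new SqlCommand(
            "SELECT * FROM Contacts WHERE Name LIKE @person + '%'");
        cmd.Parameters.Add("@person", SqlDbType.NVarChar).Value = EscapeLike(person);
        return cmd;
    }

    static void Main()
    {
        // No connection is opened; this only shows the value that would be bound.
        foreach (var input in new[] { "Ann", "%", "50%_off", "[test]" })
        {
            using (var cmd = BuildSearch(input))
                Console.WriteLine("{0,-10} -> {1}", input, cmd.Parameters["@person"].Value);
        }
    }
}
```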
Use Syntax:
SELECT column_name(s)
FROM table_name
WHERE column_name LIKE pattern
The "%" sign can be used to define wildcards (missing letters in the pattern) both before and after the pattern.
For Example:
LIKE '%xy' would get you anything ending with 'xy'
LIKE '%xy%' would get you anything that contains 'xy'
LIKE 'xy%' would get you anything starting with 'xy'
Is this what you mean?
searchPerson.CommandText = "SELECT * FROM Contacts WHERE Name LIKE '"+person+"%'";
searchPerson.CommandText =
"SELECT * FROM Contacts WHERE Name like @person + '%'"
searchPerson.CommandText = "SELECT * FROM Contacts WHERE Name like '" + @person + "%'";
select * from Contacts WHERE Name like '%' + '"+@person+"' + '%'
select * from Contacts WHERE Name like '%' + '"+@person+"'
select * from Contacts WHERE Name like '"+@person+"' + '%'
This should work
"Select * from customer where FirstName LIKE '"+TextBox1.Text + '%'+ "' ";
if Field type is Nvarchar use this code:
"select * from Contacts where name like N'%"+person+"%'"
Just for reference!
string strQuery = "select Ac_Key from AccountDetails where (Ac_Name like '%'+@Ac_Name+'%')";
SqlCommand cmb1 = new SqlCommand(strQuery);
cmb1.Parameters.AddWithValue("@Ac_Name", AccountName);
"SELECT * FROM table_name like concat(@persons,'%')"
I used it.
How to write a select statement with a where clause? I need to compare with a string value.
I tried this:
string get_dropdown_value = dropdown_category.SelectedItem.Value;
...but it gives me this error:
Invalid column name 'get_dropdown_value'.
You will have to show the select statement you are using. I suspect you have done something like this:
string selectStatement = "SELECT * FROM SOME_TABLE WHERE SOME_COLUMN = get_dropdown_value";
While it should be like:
string selectStatement = "SELECT * FROM SOME_TABLE WHERE SOME_COLUMN = " + get_dropdown_value;
Edit: As others mentioned, this is prone to SQL Injection. So, you might want to use SqlParameter (assuming you are using SQL).
Try this code
instead of
string get_dropdown_value = dropdown_category.SelectedItem.Value;
Put
string get_dropdown_value = dropdown_category.SelectedItem.Text;
This is my table in Oracle:
I'm trying to do this:
selectCmd = "select * from scott.BONUS where ename like '% :f4 %'";
var par = cmd.CreateParameter();
par.DbType = DbType.String;
par.ParameterName = "f4";
par.Value = "fsd";
cmd.Parameters.Add(par);
cmd.CommandText = selectCmd;
con.Open();
my problem is the part after the 'like' .. I've tried many things w/o success.
In some of the tries the reader came back empty while in others an exception has been thrown.
That is looking for something containing the literal sequence of characters space, colon, f, 4. You mean:
like '%' || :f4 || '%'
(edited to reflect correction by Stephen ODonnell, comments)
Or easier; just use
like :f4
And put the % in the value:
par.Value = "%" + "fsd" + "%";
(expanded for convenience, under the assumption that "fsd" needs to be a variable or similar in the real code)
As part of an effort to stop using dynamic SQL generation and encourage use of bind variables, I am running into some problems.
I am querying an Oracle 9i database from an ASP.NET page using Oracle Data Providers for .NET.
The query is
sql = "SELECT somedata FROM sometable WHERE machine = :machineName ";
I define the Oracle Parameter as follows
OracleParameter parameter = new OracleParameter();
parameter.ParameterName = "machineName";
parameter.OracleDbType = OracleDbType.Varchar2;
parameter.Value = machine; //machine is a variable of type string
parameterList.Add(parameter);
This works fine for "=" operator. But I just can't seem to get it to work with "LIKE". I don't know how to format the query so that it accepts usage of the "%" wildcard.
I have tried:
sql = "SELECT somedata FROM sometable WHERE machine LIKE :machineName% ";
sql = "SELECT somedata FROM sometable WHERE machine LIKE ':machineName%' ";
sql = "SELECT somedata FROM sometable WHERE machine LIKE :machineName||% ";
and also:
parameter.Value = machine+'%';
but all I get are ORA-00911 (illegal character) and ORA-01036 (illegal name/value) exceptions.
What am I doing wrong?
Try:
sql = "SELECT somedata FROM sometable WHERE machine LIKE :machineName || '%' ";
Because of the BIND variable, there wouldn't need to be single quotes around it. But the % is not, so I would expect it needing to be encapsulated.
Here is a full query example:
string commandText = "SELECT LastName, FirstName FROM PEOPLE WHERE UPPER(LastName) LIKE '%' || :lastName || '%' AND UPPER(FirstName) LIKE '%' || :firstName || '%'";
string oradb = "yourDatabaseConnectionStringHere"; // Might want to add Using statement for this code and try catch
OracleConnection conn = new OracleConnection(oradb); // C#
conn.Open();
OracleCommand cmd = new OracleCommand
{
Connection = conn,
CommandText = commandText,
CommandType = CommandType.Text
};
/*IMPORTANT: adding parameters must be in order how they are in order in the SQL statement*/
cmd.Parameters.Add(new OracleParameter("lastName", model.LastName.Trim().ToUpper()));
cmd.Parameters.Add(new OracleParameter("firstName", model.FirstName.Trim().ToUpper()));
OracleDataReader dr = cmd.ExecuteReader();