6

I need to fetch the records based on a 'like' match against a set of records.

The query below that I'm using is not working. Does anyone know what's wrong with the query?

sqlCommand.CommandText = String.Format("SELECT * FROM Customer" +
    " WHERE (Name like @Name)", "'%" + searchString.Trim() + "%'");
sqlCommand.Parameters.AddWithValue("Name", searchString);

This query isn't fetching the desired records.

I'm getting the following error while running the above snippet:

Must declare the scalar variable "@Name".
3
  • You have AddWithValue("Name", ... shouldn't that be @Name? Commented Apr 24, 2012 at 3:53
  • I tried both ways. Still I'm getting the same error. Commented Apr 24, 2012 at 3:54
  • You didn't include the error you were getting. Can you please include it as a part of the question? Commented Apr 24, 2012 at 3:55

3 Answers 3

14

What happens this way?

sqlCommand.CommandText = "SELECT * FROM Customer WHERE Name LIKE @Name;";
sqlCommand.Parameters.AddWithValue("@Name", "%" + searchString + "%");

You could also code it as follows to avoid all the wildcard formatting in the first place:

sqlCommand.CommandText = "SELECT * FROM Customer WHERE CHARINDEX(@Name, Name) > 0;";
sqlCommand.Parameters.AddWithValue("@Name", searchString);

If you're going to insist on doing it the unsafe way, at the very least double-up any single quotes found in searchString, e.g.

searchString.Replace("'", "''")

3 Comments

I'm getting this error "Must declare the scalar variable "@Name"."
Wouldn't the wildcards (%) be in the CommandText vs the parameter. That is: sqlCommand.CommandText="SELECT * FROM Customer WHERE Name LIKE %@Name%"
@vpiTriumph that's not the way I'd do it. Similar to a parameter to a stored procedure, in the body I'd have WHERE col LIKE @param - then I can pass 'foo%', '%bar' or '%splunge%'...
1

String.Format needs a placeholder, like {0} {1} etc.

sqlCommand.CommandText = "SELECT * FROM Customer WHERE Name LIKE @Name;";
sqlCommand.Parameters.AddWithValue("@Name", String.Format("%{0}%", searchString));


-3

If Not con.State = ConnectionState.Open Then
    con.Open()
End If

Try
    ' OleDb binds parameters by position, so the AddWithValue calls
    ' must appear in the same order as the markers in the SQL text.
    Dim cmd As New OleDbCommand("UPDATE med_records SET Medicine=@Medicine,Dosage=@Dosage,Format=@Format,Expiration_date=@Expiration_date,Quantity=@Quantity where M_id=@M_id", con)
    cmd.Parameters.AddWithValue("@Medicine", txtMedicine.Text)
    cmd.Parameters.AddWithValue("@Dosage", txt_Dosage.Text)
    cmd.Parameters.AddWithValue("@Format", txt_Format.Text)
    cmd.Parameters.AddWithValue("@Expiration_date", txt_Expirationdate.Text)
    cmd.Parameters.AddWithValue("@Quantity", NumericUpDown1.Text)
    cmd.Parameters.AddWithValue("@M_id", txt_M_id.Text)
    cmd.ExecuteNonQuery()
    MsgBox("Update data")
    con.Close()
Catch ex As Exception
    MsgBox(ex.Message)
End Try

1 Comment

Code-only answers are discouraged at SO because they lack context and may not be helpful for future readers. Please edit your answer to comment on your solution.
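Added example (not from any of the answers above): the parameterized LIKE pattern from the first two answers written as a complete method, extended to escape LIKE wildcards in the search text so that input containing %, _ or [ is matched literally instead of widening the match. The class and method names, the connectionString argument and the 4000-character parameter size are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class CustomerSearch
{
    // Escape T-SQL LIKE metacharacters so user input is matched literally.
    // The escape character itself is handled first so it is not doubled twice.
    public static string EscapeLike(string input)
    {
        return input.Replace(@"\", @"\\")
                    .Replace("%", @"\%")
                    .Replace("_", @"\_")
                    .Replace("[", @"\[");
    }

    public static DataTable FindByName(string connectionString, string searchString)
    {
        // Constant SQL text: no String.Format and no concatenated user input.
        // ESCAPE '\' tells SQL Server which character EscapeLike used.
        const string sql =
            @"SELECT * FROM Customer WHERE Name LIKE @Name ESCAPE '\';";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // The parameter name includes the @ prefix, matching the marker
            // in the SQL text. The type and size are set explicitly; 4000 is
            // an assumed upper bound, not taken from the Customer schema.
            command.Parameters.Add("@Name", SqlDbType.NVarChar, 4000).Value =
                "%" + EscapeLike(searchString.Trim()) + "%";

            var results = new DataTable();
            connection.Open();
            using (var reader = command.ExecuteReader())
            {
                results.Load(reader);
            }
            return results;
        }
    }
}
```

Only the two surrounding % characters act as wildcards here; everything the user typed travels as parameter data, so quote doubling is not needed.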
