In C# / ASP.NET, for common SQL statements such as SELECT, the normal parameterized statement format is as follows:
SELECT * FROM profile WHERE employeeid = @employeeid
For example:
string loginString = "SELECT * FROM profile WHERE employeeid = @employeeid";
But pay attention to the LIKE SQL statement:
SELECT * FROM profile WHERE employeeid LIKE '%' + @employeeid + '%';
The accurate (exact-match, no wildcard) search format is:
SELECT * FROM profile WHERE employeeid LIKE @employeeid;
So:
string sql = "SELECT * FROM box WHERE boxid LIKE '%' + @substring + '%'";
C# SQL LIKE parameter
The point of parameterization is that the value is supplied through the parameter rather than spliced into the SQL text. For a LIKE statement, the value after LIKE is everything inside the single quotes, including the percent signs (%). Therefore, when parameterizing a LIKE value, move the percent signs into the parameter value, as in the following code:
cmd.Parameters["@keyword"].Value = "%" + strKeyword + "%";
Do not write it like this in the SQL statement:
SELECT * FROM [tablename] WHERE [column1] LIKE '%@keyword%'
No error is reported, but the query does not return the expected results: inside the single quotes, @keyword is just literal text, so the pattern matches rows containing the characters "@keyword" rather than the parameter's value.
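The two working forms described above (wildcards concatenated in the SQL text, or wildcards placed in the parameter value on the C# side), written out as a complete example. This is an added example, not code from the original article; it assumes SQL Server accessed through the Microsoft.Data.SqlClient package, the profile table and employeeid column named above, and a placeholder connection string. It goes one step beyond the page by escaping the characters SQL Server's LIKE treats as wildcards (%, _, [) in the search term and declaring an ESCAPE character, so a user typing "50%" searches for that literal text rather than a pattern.

```csharp
using System;
using System.Data;
using Microsoft.Data.SqlClient; // assumption: SQL Server via the Microsoft.Data.SqlClient package

public static class LikeSearch
{
    // Escape the characters that SQL Server's LIKE interprets as pattern syntax so the
    // user's term is matched literally. '\' is declared as the escape character in the
    // queries below, so it must be escaped first.
    public static string EscapeLikeTerm(string term)
    {
        return term
            .Replace(@"\", @"\\")
            .Replace("%", @"\%")
            .Replace("_", @"\_")
            .Replace("[", @"\[");
    }

    // Form 1 from the article: the wildcards live in the SQL text and the parameter carries
    // only the search term. The term is bound as a value and never becomes part of the
    // statement text.
    public static DataTable SearchWildcardsInSql(SqlConnection conn, string term)
    {
        const string sql =
            @"SELECT * FROM profile WHERE employeeid LIKE '%' + @keyword + '%' ESCAPE '\'";
        using var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@keyword", SqlDbType.NVarChar, 200).Value = EscapeLikeTerm(term);
        return Load(cmd);
    }

    // Form 2 from the article: the SQL text is just LIKE @keyword and the percent signs are
    // added to the parameter value on the C# side.
    // Writing LIKE '%@keyword%' instead would match the literal text "@keyword", because
    // inside the single quotes the parameter name is not a parameter at all.
    public static DataTable SearchWildcardsInValue(SqlConnection conn, string term)
    {
        const string sql = @"SELECT * FROM profile WHERE employeeid LIKE @keyword ESCAPE '\'";
        using var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@keyword", SqlDbType.NVarChar, 200).Value =
            "%" + EscapeLikeTerm(term) + "%";
        return Load(cmd);
    }

    // Exact-match form from the article: LIKE @keyword with no wildcards in the value.
    public static DataTable SearchExact(SqlConnection conn, string term)
    {
        const string sql = @"SELECT * FROM profile WHERE employeeid LIKE @keyword ESCAPE '\'";
        using var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@keyword", SqlDbType.NVarChar, 200).Value = EscapeLikeTerm(term);
        return Load(cmd);
    }

    private static DataTable Load(SqlCommand cmd)
    {
        using var reader = cmd.ExecuteReader();
        var table = new DataTable();
        table.Load(reader);
        return table;
    }

    public static void Main()
    {
        // Placeholder: replace with a real connection string before running.
        const string connectionString = "<CONNECTION STRING>";
        using var conn = new SqlConnection(connectionString);
        conn.Open();

        // A term containing a wildcard character is searched for literally thanks to EscapeLikeTerm.
        DataTable rows = SearchWildcardsInValue(conn, "E_10");
        Console.WriteLine($"{rows.Rows.Count} row(s) contain the text E_10");
    }
}
```

Both search methods produce the same result set; pick one and use it consistently. The ESCAPE clause is only needed because the search term is escaped; if you deliberately want users to be able to type their own wildcards, drop both the escaping and the ESCAPE clause, but keep the term in the parameter.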