stackoom
  简体   繁体   中英

How to return data from null INT value using LIKE clause in stored procedure SQL

 原文  2018-02-19 16:25:55       c#/ asp.net/ sql-server/ tsql

Question

I have a stored procedure as follows: 

@AgencyID VARCHAR(50),
@TNID INT = NULL,
@ProviderName VARCHAR(100) = NULL,
@County VARCHAR(50) = NULL,
@Region VARCHAR(50) = NULL

SELECT * 
FROM CustomerInfo
WHERE AgencyID = @AgencyID 
  AND (TNID LIKE '%' + ISNULL(CAST(@TNID AS VARCHAR(50)), '') + '%') 
  AND (ProviderName LIKE '%' + ISNULL(@ProviderName, '') + '%') 
  AND (County LIKE '%' + ISNULL(@County, '') + '%') 
  AND (Region LIKE '%' + ISNULL(@Region, '') + '%')

The problem I am facing is whenever the integer TNID value is null my query doesn't return anything even thought some of the parameters have values. It doesn't accept null value to return accurate data although i have ISNULL function.

If I use straight C# code, it works perfectly, but I would like to use the same scenario in my stored procedure to prevent SQL injection in the future 

string query = "SELECT * FROM CustomerInfo WHERE AgencyID = '" + agency.Text + "' AND TNID LIKE '%" + tnid.Text + "%' AND ProviderName LIKE '%" + prvName.Text + "%' AND County LIKE '%" + countyList.Text + "%' AND Region LIKE '%" + region.Text + "%'";

3 answers

solution1
 1  2018-02-19 16:53:06

SELECT *
FROM CustomerInfo
WHERE AgencyID = @AgencyID
  AND (@TNID IS NOT NULL
       AND TNID LIKE '%' + CONVERT(VARCHAR(50),(ISNULL(@TNID,'')) + '%'
       )

solution2
 1  2018-02-19 16:55:23

You can add @TNID IS NULL with OR condition. This will make your first condition to true when @TNID is NULL . So other conditions will dictate your query result rather than @TNID messing it up.

Below is quick update to your select statement: 

    SELECT * FROM CustomerInfo
    WHERE AgencyID = @AgencyID AND (@TNID IS NULL OR TNID LIKE '%' + ISNULL(CAST(@TNID AS VARCHAR(50)), '') + '%') AND (ProviderName LIKE '%' + ISNULL(@ProviderName, '') + '%') AND (County LIKE '%' + ISNULL(@County, '') + '%') AND (Region LIKE '%' + ISNULL(@Region, '') + '%')

solution3
 0  2018-02-19 17:01:01

I've tested and the following syntax is working on ms sql 2014 : 

declare @toto table (Value varchar(20))
insert @toto select '123'
declare @v int
select * from @toto where value like '%' + isnull(cast(@v as varchar(50)),'') + '%'

I believe the problem come from how you call Sql (which you didn't show us). If you are using an Sql procedure, you must set the SqlCommand.CommandType to Procedure, otherwise you can have strange result.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Using LIKE and % in a stored procedure with parameter in FROM clause Getting null return value from stored procedure Return data from SQL Server using Stored Procedure How to return output varchar value from SQL stored procedure How to Pass null value to stored procedure in sql How to return xml from a stored procedure using T-SQL Entity Framework Core 3.1 Return value (int) from stored procedure How to return a value from a stored procedure to EF how to return decimal value from stored procedure How get return value from Stored Procedure
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM