1

I have this query (not important per se):

SqlCommand sqlCmd = new SqlCommand("SELECT * FROM Table1 WHERE " +
"CONTAINS((col1, col2, col3), " +  "'\"*m*\"' )" +   
"ORDER BY(SELECT null) " + 
"OFFSET(1) ROWS  FETCH NEXT(100) ROWS ONLY", conn);

It returns all rows that have an 'm' in the specified columns, as it should. Notice that the 'm' is inside a pair of asterisks (wild characters), then quotation marks, then apostrophes.

I wanted to parametrize it, i.e. put any string in the query.

I wrote this:

SqlCommand sqlCmd = new SqlCommand("SELECT * FROM Table1 WHERE "+ "CONTAINS((col1, col2, col3), " +    "'\"*@searchText*\"' )" +  
"ORDER BY(SELECT null) "+ 
"OFFSET(1) ROWS  FETCH NEXT(100) ROWS ONLY", conn);
sqlCmd.Parameters.AddWithValue("@searchText", textToSearch);

But instead of putting the textToSearch string's contents in the SqlCommand, this code puts @searchText itself.

I looked similar posts here and tried to follow but it did not work, probably because there is an apostrophe and a quotation mark and an asterisk in the format.

What am I doing wrong?

How should I specify this command?

Improve this question
3
  • Why are you wrapping @searchText in *? Sorry if this is obvious, I don't claim to know everything. Commented Jul 12, 2017 at 17:38
  • You're saying CONTAINS((col1, col2, col3), '"*@searchText*"') in your string. Commented Jul 12, 2017 at 17:47
  • This is how it works, I tested it in SQL Management Studio Commented Jul 13, 2017 at 8:28

3 Answers 3

Reset to default
2

You are enclosing your parameter inside single quotes which are reserved for character strings.

Remove the single quotes around the parameter and you should be fine like so:

Yours:

+ "'\"@searchText\"' )" +

Correct:

+ " @searchText)" +

EDIT:

If you want to include the double quotes and asterisk in what you are searching for, you'll want to concatenate the string in SQL like so:

+ "'\"*' + @searchText + '*\"')" +

EDIT2:

Per @steve's suggestion:

textToSearch = "'\"*" + textToSearch + "*\"'"

Then, you can leave your SQL as this which is much more readable.

+ " @searchText)" +
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Perhaps it is better to prepare correctly the textToSearch variable instead of complicating the query text.
I added additional apostrophes, which was the error. Removing them and leaving only the quotation marks and the asterisk fixed the problem. Thank you all!
2

You need to concatenate the parameter into your search string in the query... something like this:

"'\"*' + @searchText + '*\"' )"
Improve this answer

1 Comment

It's the same as your edited answer. I didn't test, so please give the error and correct yours too.
2

Try to build a value of a parameter and use the parameter. Kind of

SqlCommand sqlCmd = new SqlCommand(@"SELECT * FROM Table1 
    WHERE CONTAINS((col1, col2, col3), @searchText )
    ORDER BY(SELECT null) 
    OFFSET(1) ROWS FETCH NEXT(100) ROWS ONLY"
    , conn);
 sqlCmd.Parameters.AddWithValue("@searchText", "\"*"+textToSearch+"*\"");
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.