Arabic langauge not display when i make search by arabic langauge why
-
Hi guys I have database hr has table Employee this table has field EmployeeName EmployeeName nvarchar(50) when i write in query analyzer : select ^ from Employee where EmployeeName='احمد' not give me any result but when i write select * from Employee where EmployeeName=N'احمد' it give me result meaning it support arabic but i have stored procedure not accept arabic and i dont know how to handel it to accept search by EmployeeName CREATE Procedure sp_EmployeeSelect @EmployeeName nvarchar(50) AS Declare @SQLQuery as nvarchar(2000) SET @SQLQuery ='SELECT * from Employee Where (1=1)' If @EmployeeName <>'' Set @SQLQuery = @SQLQuery + ' AND (EmployeeName LIKE ''%'+@EmployeeName +'%'') ' Exec (@SQLQuery) what is the proplem in this stored procedure and how to solve it please help me
-
Hi guys I have database hr has table Employee this table has field EmployeeName EmployeeName nvarchar(50) when i write in query analyzer : select ^ from Employee where EmployeeName='احمد' not give me any result but when i write select * from Employee where EmployeeName=N'احمد' it give me result meaning it support arabic but i have stored procedure not accept arabic and i dont know how to handel it to accept search by EmployeeName CREATE Procedure sp_EmployeeSelect @EmployeeName nvarchar(50) AS Declare @SQLQuery as nvarchar(2000) SET @SQLQuery ='SELECT * from Employee Where (1=1)' If @EmployeeName <>'' Set @SQLQuery = @SQLQuery + ' AND (EmployeeName LIKE ''%'+@EmployeeName +'%'') ' Exec (@SQLQuery) what is the proplem in this stored procedure and how to solve it please help me
Why don't you apply the solution you found in query analyzer
select * from Employee where EmployeeName=N'احمد'
in the stored procedure? I.e.
Set @SQLQuery = @SQLQuery + ' AND (EmployeeName LIKE N''%'+@EmployeeName +'%'') '
-
Hi guys I have database hr has table Employee this table has field EmployeeName EmployeeName nvarchar(50) when i write in query analyzer : select ^ from Employee where EmployeeName='احمد' not give me any result but when i write select * from Employee where EmployeeName=N'احمد' it give me result meaning it support arabic but i have stored procedure not accept arabic and i dont know how to handel it to accept search by EmployeeName CREATE Procedure sp_EmployeeSelect @EmployeeName nvarchar(50) AS Declare @SQLQuery as nvarchar(2000) SET @SQLQuery ='SELECT * from Employee Where (1=1)' If @EmployeeName <>'' Set @SQLQuery = @SQLQuery + ' AND (EmployeeName LIKE ''%'+@EmployeeName +'%'') ' Exec (@SQLQuery) what is the proplem in this stored procedure and how to solve it please help me
I'm repeating myself here: Don't use string concatenation to build a dynamic SQL query. Your code will be susceptible to SQL Injection[^]. If you really need to use a dynamic query, use
sp_executesql[^] to execute it:CREATE Procedure sp_EmployeeSelect
@EmployeeName nvarchar(50)
AS
Declare @SQLQuery as nvarchar(2000)SET @SQLQuery = N'SELECT * from Employee Where (1=1)'
If @EmployeeName <> ''
Set @SQLQuery = @SQLQuery + N' AND (EmployeeName LIKE N''%'' + @EmployeeName + N''%'')'Exec sp_executesql @SQLQuery,
N'@EmployeeName nvarchar(50)',
@EmployeeNameHowever, in this case, as with all of your QA questions, you don't need a dynamic query:
CREATE Procedure sp_EmployeeSelect
@EmployeeName nvarchar(50)
AS
SELECT
*
FROM
Employee
WHERE
@EmployeeName = N''
Or
EmployeeName Like N'%' + @EmployeeName + N'%'
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
