Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Programming
 Multiple Parameters Using Full Search Index

Author  Topic 

matto456
Starting Member

2 Posts

Posted - 2014-11-26 : 12:59:36
Using a full search index with the following query works with just one parameter.

declare @P0 varchar(50) = '"First*"'
SELECT *
FROM TableName
where contains ((Col1, Col2), @P0)

How do I make it work if I have two parameters, while also protecting the parameters from injection attacks?

declare @P0 varchar(50) = '"First*"'
declare @P1 varchar(50) = '"Second*"'
SELECT *
FROM TableName
where contains ((Col1, Col2), @P0 AND @P1)

If they weren't parameters, you put single quotes around the ' @P0 AND @P1' to get this query to work. Any suggestions?

bitsmed
Aged Yak Warrior

545 Posts

Posted - 2014-11-27 : 19:40:28
How about:
where contains((Col1,Col2),@P0) and contains((Col1,Col2),@P1)
Go to Top of Page

matto456
Starting Member

2 Posts

Posted - 2014-12-01 : 09:31:13
Thanks so much for the reply. That does work, but it appears to slow down the execution time. Can you think of another solution?
Go to Top of Page
   

- Advertisement -