更新时间:2023-02-05 19:31:10
% 字符必须在搜索字符串...
The % characters have to be in the search string...
SET @search = '%' + @search + '%'
SET @SQLQuery = 'SELECT * FROM [tblApps] WHERE [firstName] LIKE @search'
请注意,以下内容也可以使用,但会引入潜在的 SQL 注入漏洞...
Note that the following would also work, but introduces potential for a SQL injection vulnerability...
-- DON'T do this!
SET @SQLQuery = 'SELECT * FROM [tblApps] WHERE [firstName] LIKE ''%' + @search + '%'''