I have had no success parameterizing a SELECT query using LIKE.
This is what I am using:
args = [nIDtext.Text]
sqlList = []
sqlList[0] = ["SELECT * FROM AList WHERE nID LIKE %?% ", args, initSuccess, initFail]
Sql(DB1, sqlList)
This also fails:
sqlList[0] = ["SELECT * FROM AList WHERE nID LIKE '%?%' ", args, initSuccess, initFail]
sqlList[0] = ["SELECT * FROM AList WHERE nID LIKE '%'?'%' ", args, initSuccess, initFail]
This works:
sqlList[0] = ["SELECT * FROM AList WHERE nID LIKE '%" & nIDtext.Text & "%' ", initSuccess, initFail]
Parameters
Parameters allow you to simplify your coding by putting the arguments into a separate array. It’s also a more secure way of handling data from users: they will not be able to do an SQL Injection attack on your database.
To use parameters, put a question mark (?) for each item in the Values clause. Then, add a new item to your SQL operation which contains an array of the values.
Yes, i was able to use parameters successfully for SELECT, INSERT and UPDATE commands. However, LIKE doesn’t seem to work the same way. The failed SQL function is always called.