I am trying to construct a parametersed query. I have constructed a stored prodedure and an asp.net class which seems to be doing everything i need. the only last problem i have is with the dates. This is the stored procedure:
ALTER PROCEDURE [dbo].[SelectApplications] (@titleFilter varchar(50),@appType varchar(3), @programme varchar(3),@status varchar(3), @startDate varchar(15),@endDate varchar(15),@department varchar(30))
declare @sql varchar(2000)
set @sql = 'select top 100 * from applications where
app_type like ''' + @appType + ''' and app_title1 like ''%' + @titleFilter + '%'' and
progid like ''' + @programme + ''' and
app_status like ''' + @status + ''' and
startDate ' + @startDate + ' + and
endDate + ' + @endDate + ' + and
DeptId like ''' + @department + ''' '
My asp.net class sends the following code to the stored procedure:
exec SelectApplicationsView @titleFilter='',@appType='%',@programme='%',@Status='%',@startDate='< 1/1/2000',@endDate='> 1/1/1900',@department='%'
as you can hopefully see, my problem is that the dates are being put in single quotes when in actual fact they shouldn't be in single quotes.
do you know how to acheive this in dynamic sql?
or should i be doing this query another way?