SQL Query

Stefan Motz asked on
Microsoft SQL Server 2008
How could I make the query below more secure and run faster? The more "like %" I have, the slower my query will run.

dim dtStart
dim dtEnd

dtStart = Request.Form("StartDate")
dtEnd = Request.Form("EndDate")

If dtStart = "" then dtStart = "20110601"
If dtEnd = "" then dtEnd = "29000101"

rs.Open "SELECT * FROM myTable WHERE (Store LIKE '%" & Request.Form("Store") & "%' AND (RcvdDate between '" & dtStart & "' AND '" & dtEnd & "') AND Product LIKE '%" & Request.Form("Product") & "%' AND Emp_Name LIKE '%" & replace(request.Form("Emp_Name"),"'","''") & "%'  AND Irreg LIKE '%" & Request.Form("Irreg") & "%' AND Emp_Id LIKE '%" & Request.Form("Emp_Id") & "%' AND Supervisor LIKE '%" & replace(request.Form("Supervisor"),"'","''") & "%' AND Authorized LIKE '%" & Request.Form("Authorized") & "%' AND Paid LIKE '%" & Request.Form("Paid") & "%') order by RcvdDate", conn
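
One way to bind the form values as parameters instead of concatenating them, and to skip filters that were left empty, as an added example that is not part of the original post. It assumes `conn` is an open ADODB.Connection and `rs` an ADODB.Recordset as in the snippet above; `CleanDate` is a hypothetical helper.

```vbscript
' Added example (not the poster's code). Assumes conn is an open ADODB.Connection
' and rs an ADODB.Recordset, as in the snippet above.
Const adCmdText = 1, adParamInput = 1, adVarChar = 200

Dim cmd, sql, col, v, dtStart, dtEnd

' Hypothetical helper: accept only yyyymmdd dates, else fall back to the default.
Function CleanDate(value, fallback)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{8}$"
    If re.Test(value) Then CleanDate = value Else CleanDate = fallback
End Function

dtStart = CleanDate(CStr(Request.Form("StartDate")), "20110601")
dtEnd = CleanDate(CStr(Request.Form("EndDate")), "29000101")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText

' Every user value is bound to a ? placeholder; none is concatenated into the SQL.
sql = "SELECT * FROM myTable WHERE RcvdDate BETWEEN ? AND ?"
cmd.Parameters.Append cmd.CreateParameter("start", adVarChar, adParamInput, 8, dtStart)
cmd.Parameters.Append cmd.CreateParameter("end", adVarChar, adParamInput, 8, dtEnd)

' Column names come from this fixed list, never from the request.
For Each col In Array("Store", "Product", "Emp_Name", "Irreg", "Emp_Id", _
                      "Supervisor", "Authorized", "Paid")
    v = Left(Trim(CStr(Request.Form(col))), 100)
    ' An empty field used to become LIKE '%%', which matches every non-NULL value
    ' but still costs a comparison per row. Skipping it drops that work
    ' (rows with NULL in that column are then no longer excluded).
    If v <> "" Then
        sql = sql & " AND " & col & " LIKE ?"
        cmd.Parameters.Append cmd.CreateParameter(col, adVarChar, adParamInput, 102, "%" & v & "%")
    End If
Next

cmd.CommandText = sql & " ORDER BY RcvdDate"
rs.Open cmd
```

A `%` or `_` typed into a field still acts as a LIKE wildcard inside the bound value; it can widen a match but cannot change the statement.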