Kevin.roberts25 (2/19/2013)
Try this which I got from code project, its a great way to do a query from a form with multiple parameters
Create Procedure sp_EmployeeSelect_Coalesce
@EmployeeName NVarchar(100),
@Department NVarchar(50),
@Designation NVarchar(50),
@StartDate DateTime,
@EndDate DateTime,
@Salary Decimal(10,2)
AS
Set NoCount ON
Select * From tblEmployees
where EmployeeName = Coalesce(@EmployeeName, EmployeeName) AND
Department = Coalesce(@Department, Department ) AND
Designation = Coalesce(@Designation, Designation) AND
JoiningDate >= Coalesce(@StartDate, JoiningDate) AND
JoiningDate <= Coalesce(@EndDate, JoiningDate) AND
Salary >= Coalesce(@Salary, Salary)
If @@ERROR <> 0 GoTo ErrorHandler
Set NoCount OFF
Return(0)
ErrorHandler:
Return(@@ERROR)
GO
Kevin,
First, I know this isn't your fault and I'm not slamming you. You found what you think is a good article or post.
Have you got a link for that reference? I ask because I'd like to go there and set those folks straight on how bad this form of "Catch All" query can be since INDEX SCANS are virtually the only thing guaranteed to happen here.
The correct way to do this is with properly written, SQL-Injection-proof code. Please see the following article on one method for how easily this is accomplished.
http://sqlinthewild.co.za/index.php/2009/03/19/catch-all-queries/
Also, the use of GOTO has fallen out of favor with most people. TRY/CATCH seems to be the way to go now for most things.
--Jeff Moden
Change is inevitable... Change for the better is not.