Closed j9ac9k closed 7 years ago
This is because the query parameter replaces the whole literal in the query. It is impossible to inject a part of the literal that way.
Try:
data = c("%12345")
query <- "SELECT * FROM stuff left join stuff on more stuff = original stuff WHERE column LIKE ?
res <- sqlExecute(channel=conn, query=query, data=data, fetch=TRUE)
Brilliant, it worked, thanks so much!
Hello,
I'm running into an issue, and while I'm not at all convinced that it's not an issue with my code/query setup, I'm out of ideas of what to try.
I have a query that is of the form
I get the following result:
But if I change my query around a bit, and give it the full input (with no wildcard) such as follows, all is well
In case it makes a difference, I'm connecting to a 2014 SQL Server. I'm able to make the equivalent query work with the RODBC library in non-parametric form:
I'm no expert with SQL, so I could be missing something very basic.
Any input would be appreciated.