您可以使用动态SQL来实现这一目标:
declare @InputText varchar(8000)
set @InputText = 'abc xyz 123'
declare @CommorText varchar(8000)
set @CommorText = 'SELECT * FROM table WHERE Name like ''%' + replace(@InputText, ' ', '%'' or Name like ''%') + '%''';
-- @CommorText would look like this at this point
-- SELECT * FROM table WHERE Name like '%abc%' or Name like '%xyz%' or Name like '%123%'
execute(@CommorText)
[编辑]回应Avitus评论:
不是最完美的解决方案。但是,如果有人进入“下拉表TEST1”,查询将SELECT * FROM Test1 WHERE Name like '%drop%' or Name like '%table%' or Name like '%Test1%'
是的,直到有人输入一个参数,如“ - drop yourDatabase”或任何其他SQL注入攻击 – Avitus 2011-06-02 02:10:37