search string not work if i pass it arrounded single quotes

May 15 2020 7:30 PM

When execute web api search string added to it double quotes why and how to solve issue ?

I work on web api asp.net core 2.2 I face this error

An expression of non-boolean type specified in a context where a condition is expected, near 'and'.

procedure work from sql succes as below

exec [dbo].[sp_ReportDetailsGetALL] "2028","2020-05-03","2020-05-11", 'Text6=''locations'''

exactly issue on the following line

not work if as below

on web api i think it add double quotes on start and end so that it not work

json i passed to web api as following :

procedure getreportdetail as following :

declare @ColumnName Nvarchar(max) = (SELECT 'select ' + STUFF((SELECT ',' + 'Text'+CONVERT(varchar(20),ReportHeaderIndex) + ' '+ '['+ReportHeader +']'
FROM ReportHeaders where ReportID=@ReportID order by ReportHeaderIndex
FOR XML PATH('')) ,1,1,'') + ' , convert(nvarchar(20),[ReportDate]) ReportDate From ReportDetails R where ReportDate >= ''' +@ReportDateFrom+''' and ReportDate <= '''+ @ReportDateTo +''' and R.ReportID =' + @ReportID + ' and '+@SearchString+' and IsHistory=0 order by reportdate desc ' + @SortingColumns AS Txt )
exec (@ColumnName)

What I have tried:

public DataTable GetReportDetailsSearch(string ReportID, string FromDate, string ToDate, string SearchString)
{
List<SqlParameter> param = new List<SqlParameter>()
{
new SqlParameter("@SearchString",SearchString),
};
DataTable ReportDetailsSearch = SQLDAL.ReturnDataTableByProcedure("sp_ReportDetailsGetALL", param);
return ReportDetailsSearch;
}
[Route("ReportDetailsSearch")]
[HttpPost]
public IActionResult GetSearchedData([FromBody] dynamic DataObjectSearch)
{
try
{
string Searchdata = DataObjectSearch.searchstring;
var PostSearch = _reportservice.GetReportDetailsSearch(ReportId, StartDate, EndDate, Searchdata);
return Ok(PostSearch);
}

Answers (1)