I'm trying to use the LIKE keyword with the % wildcards wrapping the parameter, but I'm not sure how to get the % characters into the statement without breaking it. Right
DECLARE @SQLQuery nvarchar(max), @search nvarchar(96) = N'ann'; -- sp_executesql needs an nvarchar statement; sample value added for illustration
SET @SQLQuery = N'SELECT * FROM [tblApps] WHERE [firstName] LIKE ''%'' + @search + ''%''';
EXEC sp_executesql @stmt = @SQLQuery, @params = N'@search nvarchar(96)', @search = @search; -- the named parameter is @stmt, not @query
The only difference from this version as compared to the others is that the dynamic execution of the SQL is in fact parameterized, which mitigates SQL injection a bit.
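The same query shown as an added T-SQL example (not from the original post), contrasting the concatenated form with the parameterized form, and adding the ESCAPE clause so that % and _ typed by the user are matched literally. It assumes a table dbo.tblApps with an nvarchar(96) column firstName; the search value is constructed.

```sql
-- Added example, not part of the original post. Assumes dbo.tblApps(firstName nvarchar(96)).
DECLARE @search nvarchar(96) = N'50%_off';   -- constructed input containing LIKE metacharacters

-- Before: the user value is spliced into the statement text. A quote in @search
-- changes the query, and % and _ are interpreted as wildcards.
DECLARE @unsafe nvarchar(max) =
    N'SELECT * FROM dbo.tblApps WHERE firstName LIKE ''%' + @search + N'%''';
-- EXEC sp_executesql @unsafe;   -- pattern shown for contrast only

-- After: the value travels as a parameter; the %...% wrapping is concatenated
-- by the engine at run time, so the statement text never contains user input.
DECLARE @stmt nvarchar(max) =
    N'SELECT * FROM dbo.tblApps WHERE firstName LIKE N''%'' + @search + N''%''';
EXEC sp_executesql @stmt, N'@search nvarchar(96)', @search = @search;

-- Parameterization stops SQL injection but not wildcard surprises: % and _ in
-- @search still act as wildcards. Escape them (and [ and the escape char itself)
-- so the user string matches literally. The buffer is widened to hold the escapes.
DECLARE @literal nvarchar(200) =
    REPLACE(REPLACE(REPLACE(REPLACE(@search, N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[');
SET @stmt = N'SELECT * FROM dbo.tblApps WHERE firstName LIKE N''%'' + @pat + N''%'' ESCAPE N''\''';
EXEC sp_executesql @stmt, N'@pat nvarchar(200)', @pat = @literal;
```

With the escaped form, a search for 50%_off only matches rows that literally contain "50%_off", whereas the unescaped parameter would also match "50 percent off".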