Use IF and LIKE to check a pattern






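-- @s holds a string that is expected to be a hexadecimal binary literal.
DECLARE @sql AS NVARCHAR(4000),
  @b AS VARBINARY(1000), @s AS VARCHAR(2002);
SET @s = '0x0123456789abcdef';

-- Allow-list check: the string must start with 0x and contain nothing but
-- hex digits after the prefix. Anything else is rejected before it can be
-- concatenated into the dynamic statement below.
-- LIKE ranges follow the collation's sort order, so under a non-binary
-- collation other characters (accented letters, for example) can fall
-- inside [a-f]; a binary collation compares by code point instead.
IF @s NOT LIKE '0x%' OR @s LIKE '0x%[^0-9a-fA-F]%'
BEGIN
  RAISERROR('Possible SQL Injection attempt.', 16, 1);
  RETURN;
END

-- @s has passed the check, so it is concatenated as a literal; the value
-- comes back through the @o output parameter.
SET @sql = N'SET @o = ' + @s + N';';
EXEC sp_executesql
  @stmt = @sql,
  @params = N'@o AS VARBINARY(1000) OUTPUT',
  @o = @b OUTPUT;

SELECT @b;
GO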



Output:

0x0123456789ABCDEF
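The same LIKE test applied to a set of inputs, next to a conversion that needs no dynamic SQL. This is an added example, not code from the original page; the sample strings are constructed, and it assumes SQL Server 2012 or later, where TRY_CONVERT is available.

```sql
-- Added example (not from the original page). All sample inputs are constructed.
DECLARE @tests TABLE (s VARCHAR(2002));

INSERT INTO @tests (s) VALUES
  ('0x0123456789abcdef'),   -- well-formed hex literal
  ('0x'),                   -- prefix only
  ('0123'),                 -- missing 0x prefix
  ('0x01G2'),               -- non-hex character after the prefix
  ('0x01; SELECT 1'),       -- extra statement text after the hex digits
  ('0x123');                -- odd number of hex digits

SELECT
  s,
  -- The IF condition from the script above, evaluated per row.
  CASE
    WHEN s NOT LIKE '0x%' OR s LIKE '0x%[^0-9a-fA-F]%'
      THEN 'rejected'
    ELSE 'accepted'
  END AS like_check,
  -- Style 1 parses a '0x...' string as binary data directly, so the value
  -- is never concatenated into a statement. TRY_CONVERT returns NULL for
  -- input it cannot convert instead of raising an error.
  TRY_CONVERT(VARBINARY(1000), s, 1) AS converted
FROM @tests;
GO
```

Comparing the two result columns row by row shows where the pattern check and the conversion disagree: style 1 requires an even number of hex digits, which the LIKE pattern does not enforce.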









