View Single Post
  #7 (permalink)  
Old October 3rd, 2004, 12:19 AM
jemacc jemacc is offline
Friend of Wrox
Join Date: Nov 2003
Location: Lehigh Acres, FL, USA.
Posts: 625
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to jemacc

Caution using a variable for your table name causes security risk

use the below adding your where clause

create proc up_parmSel_state
declare @SQL varchar(255), @tblname sysname

SELECT @tblname = 'state_t'

SELECT @SQL = 'SELECT * FROM ' + @tblname
SELECT @SQL = @SQL + ' WHERE (stateID) = 12345'
Reply With Quote