Wrox Programmer Forums
Go Back   Wrox Programmer Forums > Database > SQL Language
Reload this Page SQL Query - Need Urgent Help
|
SQL Language SQL Language discussions not specific to a particular RDBMS program or vendor.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the SQL Language section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old November 10th, 2010, 03:24 AM
Registered User
  
Join Date: Nov 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default SQL Query - Need Urgent Help
Hi Techies,

Greetings,

I have a stored procedure which has a query [static] for which I need to append one variable [dyanamic] so that it is executed when SP is run.

Ex:

Declare @WhereCondition Varchar(500)
SET @WhereCondition = 'where id between 1 and 10'
"Select * from Some_Table" is my query

I want to append @WhereCondition to the above query in such a way that, when it is run the query should run like

"Select * from Some_Table Where id between 1 and 10"

PS: I dont want to use dynamic queries as my SP has got 100s of queries which will be a difficult task to change the entire procedure.

Kindly Help ASAP.

My Sincere Thanks well in advance. Thanks for your Valuable Time

Regards,
Sathya
Last edited by astrosathya; November 10th, 2010 at 04:17 AM..
 
Old November 10th, 2010, 03:11 PM
Friend of Wrox
  
Join Date: Jun 2008
Posts: 1,649
Thanks: 3
Thanked 141 Times in 140 Posts
Default
Unless the *type* of the WHERE condition is fixed in advance, you have no choice but to use dynamic SQL inside the stored proc.

Code:
CREATE PROCEDURE foo (
    @Where VARCHAR(500)  
)
AS
DECLARE @sql VARCHAR(100)
SET @sql = 'SELECT * FROM some_table ' + @Where
EXEC( @sql )
Note that this is dangerous coding. You need to "sanitize" the @where value to be sure it isn't doing SQL Injection.
 
Old November 12th, 2010, 03:04 AM
Registered User
  
Join Date: Nov 2010
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Unhappy
Hi..

Thanks for your sincere reply for my post. Even I am left with that option only. Actually I was trying to see if there is any better option as my Stored Procedure has 100's of queries which have to be made dynamic now but Not so much time left with me..
 
Old November 28th, 2010, 06:38 AM
Friend of Wrox
  
Join Date: Jun 2003
Posts: 996
Thanks: 2
Thanked 11 Times in 11 Posts
Send a message via Yahoo to melvik
Default
u can send ur table name by Parameter too if u wanna do it for many tables
but be aware of SQL Injection my friend
__________________
Always,
Hovik Melkomian.





Similar Threads
Thread Thread Starter Forum Replies Last Post
Need urgent help in Update query Nishapd Classic ASP Basics 5 June 23rd, 2009 03:55 PM
Query About XSLT-Urgent harshalchoksi XSLT 6 February 23rd, 2007 06:43 AM
urgent query,,, please.....!!! SAAM C++ Programming 1 December 11th, 2006 08:22 AM
SQL query problem in Access - Urgent Kaustav Access 2 September 30th, 2005 11:39 PM
New Query (Urgent!!) vinod_yadav1919 Oracle 3 January 31st, 2005 02:05 PM




Contact Us - Wrox - Privacy Statement - Top

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.