tags:

views:

37

answers:

2
+2  Q: 

Writing a simple SQL Server 2005 dynamic sql

I am writing a fairly simple SQL query in SQL 2005, but am running into an issue and can't figure out what is wrong.

For documentation purposes, the query has to be a dynamic sql

A snippet of my query is:

@RecCreatorID int
....
....
IF (@RRecCreatorID IS NOT NULL)
    Begin
        Set @strSQL = @strSQL + ' AND RecCreatorID = @RecCreatorID'
    End

However, when I run PRINT @strSQL, what I get is

And RecCreatorID = @RecCreatorID

How can I get the actual value of @RecCreatorID to be displayed?

+3  A:  
@RecCreatorID int
....
....
IF (@RRecCreatorID IS NOT NULL)
    Begin
        Set @strSQL = @strSQL + ' AND RecCreatorID =' +  cast(@RecCreatorID as varchar(50))
    End

another solution is to use sp_executesql to execute query

Pranay Rana  2010-06-29 12:02:48
Why would I cast that as varchar if its an int in the proc ?
user279521  2010-06-29 12:03:26
because @RecCreatorID is integer and @strSQL is varchar
Pranay Rana  2010-06-29 12:04:07
Correct, but might lead to SQL injections. (Of course when @RecCreatorId is a string.)
treaschf  2010-06-29 12:05:30
Incredible. Thanks for the answer !!
user279521  2010-06-29 12:08:27
i think sp_exeuctesql is better to use over here but condition is constrain over here
Pranay Rana  2010-06-29 12:08:43
as opposed to Execute(@strSQL) ?
user279521  2010-06-29 12:13:06
+2  A: 

Use sp_executesql. That stored procedure will accept parameters which you can then use inside your dynamic SQL (parameter substitution). For example:

Set @strSQL = @strSQL + ' AND RecCreatorID = @RecCreatorID_PARAM'


exec sp_executesql @SQL,
N'@RecCreatorID_PARAM int',
@RecCreatorID_PARAM = @RecCreatorID

Although this doesn't do much for displaying purposes, it's still a better way of handling dynamic SQL than concatenation, imho.

Rob  2010-06-29 12:04:24

related questions

SQL Server, convert a named instance to default instance?
Natural (human alpha-numeric) sort in Microsoft SQL 2005
In MS SQL Server 2005, is there a way to export, the complete maintenance plan of a database as a SQL Script?
Does ReadUncommitted imply NoLock
Query to list all tables that contain a specific column with SQL Server 2005.
Can I maintain state between calls to a SQL Server UDF?
What are the benefits of using partitions with the Enterprise edition of SQL 2005
Upgrading Sharepoint 3.0 to SQL 2005 Backend?
What's the simplest way to execute a query in Visual C++
Can you perform an AND search of keywords using FREETEXT() on SQL Server 2005?
Create a database from another database?
What's the fastest way to bulk insert a lot of data in SQL Server (C# client)
SQL 2005 Book For Optimization Techniques
How do I create a mapping table in SQL Server Management Studio?
Cannot Add a Sql Server Login
SQL Server 2005 - Export table programatically (run a .sql file to rebuild it)
Diagnosing Deadlocks in SQL Server 2005
SQL2005: Linking a table to multiple tables and retaining Ref Integrity?
How to create a new instance of Sql Server 2005
SQL Server 2008 vs 2005 Linq integration
How do you kill all current connections to a SQL Server 2005 database?
Conditional Visibility and Page Breaks with SQL Server 2005 Reporting Services
SQL Server 2005 and 2008 on same developer machine?
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting