tags:

views:

484

answers:

6
Q: 

Problem with code syntax : Stored Procedure for Generic Insert

I have problem compilin this code..can anyone tell whats wrong with the syntax

CREATE PROCEDURE spGenericInsert
    (
     @insValueStr nvarchar(200) 
     @tblName nvarchar(10) 
    )

AS

BEGIN

    DECLARE @insQueryStr nvarchar(400)
    DECLARE @insPrimaryKey nvarchar(10)
    DECLARE @rowCountVal integer
    DECLARE @prefix nvarchar(5)


    IF @tblName='HW_Master_DB'
     SET @rowCountVal=(SELECT COUNT(*) FROM HW_Master_DB)
    ELSE IF @TableName='SW_Master_DB'
     SET @rowCountVal=(SELECT COUNT(*) FROM SW_Master_DB)
    ELSE IF @TableName='INV_Allocation_DB'
     SET @rowCountVal=(SELECT COUNT(*) FROM INV_Allocation_DB)
    ELSE IF @TableName='REQ_Master_DB'
     SET @rowCountVal=(SELECT COUNT(*) FROM REQ_Master_DB)

    IF @tblName = 'DEFECT_LOG' 
     SET @prefix='DEF_'
    ELSE IF @tblName='INV_Allocation_DB'
     SET @prefix='INV_'
    ELSE IF @tblName='REQ_Master_DB'
     SET @prefix='REQ_'
    ELSE IF @tblName='SW_Master_DB'
     SET @prefix='SWI_'
    ELSE IF @tblName='HW_Master_DB'
     SET @prefix='HWI_' 


    SET @insPrimaryKey= @prefix + RIGHT(replicate('0',5)+ convert(varchar(5),@rowCountVal),5) -- returns somethin like 'DEF_00005'

    SET @insQueryStr= 'INSERT INTO ' + @tblName + ' VALUES (' + @insPrimaryKey + ',' + @insValueStr + ')'

    EXEC(@insQueryStr)

END
+2  A: 

and your question?

karlis  2009-01-19 10:29:43
I thought it might be missing because of some invalid format... But I didn't find it either...
Tomalak  2009-01-19 10:35:08
+3  A: 

Take your pick:

  • @TableName isn't defined
  • @tblName vs. @TableName
Jonathan Lonowski  2009-01-19 10:35:40
A: 

Aside from missing lots of semicolons, you're going to have to give us more to go on.

Actually, SQL Server might not need semicolons, so ignore that...

But here is a good place to start learning about stored prcedures in SQL server. You can search Google for some more as well.

lc  2009-01-19 10:35:53
hi where do i have to put semicolons. i just started with sql server. i havent come across good material to learn effective stored procedure techniques and syntaxes.
kk  2009-01-19 10:41:07
+2  A: 

I cannot immediately see what's wrong with the syntax (the sharp eye of Jonathan Lonowski has solved that already), but there are some things wrong with the code:

  1. You create dynamic SQL, so your code is vunerable to SQL-injection attacks. Both the input parameters are used in a dangerous way. Solve this by creating a stored procedure for every table. So you don't have to generate SQL anymore.

  2. There is no check if the table is not in the list used.

  3. Your primary key generation algorithm can/will create duplicate keys in a multi-user scenario, or if rows are deleted from the table. Solve by using an identity column or some other feature from the database you are using.

GvS  2009-01-19 10:39:06
how can i overcome this.. where can i get good info on stored procedures..
kk  2009-01-19 10:43:38
MSDN is always a nice place to start when you are doing MS development. And try to keep your code more simple, you are trying to do too much in one place.
GvS  2009-01-19 10:47:08
Voted up for trying to answer the question in a positive manner.
Raithlin  2009-01-19 10:51:03
+1  A: 

Honestly, you seem to be making a headache for yourself. Check out integer identities and IDENTITY syntax.

Unless you are truly required to use keys in the "DEF_00005" format, they will make your life a lot easier.

CREATE TABLE DemoTable (
    Key INT IDENTITY(1,1) NOT NULL PRIMARY KEY,
    Value VARCHAR(200)
);

INSERT INTO DemoTable (Value) VALUES ('Something');

SELECT * FROM DemoTable;

  | Key | Value     |
  |-----|-----------|
  | 1   | Something |
Jonathan Lonowski  2009-01-19 10:54:46
A: 

hi Jonathan,

I know about Integer Identity columns.. but i have to use a AlphaNumeric ID in the tables in inserting new values in a highly multi-user intranet system.

The records will not be deleted from the table. So problem is that of maintain synchronous insertion of records with ID field automatically generated.

Any suggestions how that can be done.

kk  2009-01-19 11:50:59

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?