string parameter treate as colunm name in execute procedure
-
set nocount on declare @ResultSql varchar(8000) declare @anurag varchar(20) set @anurag='anurag' Set @ResultSql='SELECT distinct a.RegID,a.companyname, b.LocalityName FROM Registration AS a INNER JOIN Locality AS b ON a.LocalityID = b.LocalityID inner join pincode as p on a.pincodeid=p.pincodeid WHERE(a.CityID =1) and a.companyname='+@anurag Create Table #Tbl_Myphonedata ( Id numeric IDENTITY PRIMARY KEY, regid numeric, companyname varchar(30), localityname varchar(30) ) --Fill the temp table with the reminders set @ResultSql = 'select regid,companyname,localityname from( ' + @ResultSql + ' ) OO' Insert Into #Tbl_Myphonedata ( regid,companyname,localityname ) exec ( @ResultSql ) select * from #Tbl_Myphonedata drop table #Tbl_Myphonedata in above procedure parameter @anurag is string type parameter when i execute exec(@ResultSql) @anurag trate as colunm name but it is a simple parameter please help me :(
no knowledge in .net
-
set nocount on declare @ResultSql varchar(8000) declare @anurag varchar(20) set @anurag='anurag' Set @ResultSql='SELECT distinct a.RegID,a.companyname, b.LocalityName FROM Registration AS a INNER JOIN Locality AS b ON a.LocalityID = b.LocalityID inner join pincode as p on a.pincodeid=p.pincodeid WHERE(a.CityID =1) and a.companyname='+@anurag Create Table #Tbl_Myphonedata ( Id numeric IDENTITY PRIMARY KEY, regid numeric, companyname varchar(30), localityname varchar(30) ) --Fill the temp table with the reminders set @ResultSql = 'select regid,companyname,localityname from( ' + @ResultSql + ' ) OO' Insert Into #Tbl_Myphonedata ( regid,companyname,localityname ) exec ( @ResultSql ) select * from #Tbl_Myphonedata drop table #Tbl_Myphonedata in above procedure parameter @anurag is string type parameter when i execute exec(@ResultSql) @anurag trate as colunm name but it is a simple parameter please help me :(
no knowledge in .net
-
You need to enclose it in quotes so that sql server knows it is a value not a column. Better still, used a parameterised query - faster and less prone to sql injections.
Bob Ashfield Consultants Ltd
but i don't know how to enclose string parameter in execute procedure
no knowledge in .net
-
but i don't know how to enclose string parameter in execute procedure
no knowledge in .net
That's called learning - look into parameterised queries in BOL.
Never underestimate the power of human stupidity RAH
-
but i don't know how to enclose string parameter in execute procedure
no knowledge in .net
-
but i don't know how to enclose string parameter in execute procedure
no knowledge in .net
Just because you don't know how to enclose a parameter or willing to try the parameterized method like Ashfield suggested, you should bash people on the review. People maybe less likely to help in the future.
Any suggestions, ideas, or 'constructive criticism' are always welcome. "There's no such thing as a stupid question, only stupid people." - Mr. Garrison