How Do I Insert Rows into a table dynamicly?

r_mohd

Hi all, Currently i am facing a problem when i try to insert rows in a table dynamicly. i using vb.net 2008 with mssql express 2008.here are the details of my codes USE [database] GO SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO create PROCEDURE [dbo].[TestSp] ( @name nvarchar(50), @tb varchar(200) ) AS BEGIN SET NOCOUNT ON; execute ('insert into ' + @tb +'(xname)values(@name)') END exec testsp 'testtable1','Abcxyz' Error: Msg 137, Level 15, State 2, Line 1 Must declare the scalar variable "@name". please help me.

rmshah Developer

Mycroft Holmes

Notice how you included the table name in the SQL string, do the same for the @Name value as well. execute ('insert into ' + @tb +'(xname)values(' + @name +')') Also use pre tags when posting code - easier to read

Never underestimate the power of human stupidity RAH

N a v a n e e t h

r_mohd wrote:

execute ('insert into ' + @tb +'(xname)values(@name)')

That's a poor practice. Your code is open to SQL injection attacks. You need read SQL Injection Attacks and Some Tips on How to Prevent Them[^].

Navaneeth How to use google | Ask smart questions