Using WHERE clause parameter

[md Webs Unlimited]

When I try to use an SP with parameter that is the WHERE clause it generates
an error.

E.g,

@myWhere = varchar(200)

AS

SELECT x, y FROM skwi WHERE @myWhere

myWhere = status = 7 AND LastName = 'Smith'

The problem is that the where clause is built conditionally in the program.

Any advise and examples on how to accomplish would be appreciated.

--
Mike - FrontPage MVP '97 - '02
Expression Tools & Addin
http://www.j-moves.com
http://www.panemanager.com
FrontPage Tools & Addin
http://www.jbots.com
E-Commerce
http://www.candypress.com

[Tom Cooper]

See
http://www.sommarskog.se/dyn-search.html
One of the ways mentioned in that article is dynamic SQL, if you decide to
use dynamic SQL, make sure to read
http://www.sommarskog.se/dynamic_sql.html
Pay particular attention to the part in SQL injection
http://www.sommarskog.se/dynamic_sql.html#SQL_injection

Tom

"md Webs Unlimited" <NoN...@NoAddress.com> wrote in message
news:%232oGOhh...@TK2MSFTNGP02.phx.gbl...

[--CELKO--]

>> When I try to use an SP with parameter that is the WHERE clause it generates an error. <<

The short, dangerous kludge is to use Dynamic SQL.

The right answer is to get out that old text book on Software
Engineering and the chapters on coupling and cohesion of code
modules. Those rules still apply in SQL.

You are writing a "Britney Spears, Automobiles and Squids" module --
you have no idea what it will do at run time, so it has absolutely no
cohesion. Instead of depending on every random future user to write
proper SQL, you need to earn your salary and proper them with a well-
defined module with a meaningful name and a known parameter list.

If you want a general query tool, then use QA. Application users
should be kept away form it.