Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
microsoft.public.sqlserver.programming
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Using WHERE clause parameter
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   3 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
md Webs Unlimited  
View profile  
 More options Dec 3 2007, 8:52 pm
Newsgroups: microsoft.public.sqlserver.programming
From: "md Webs Unlimited" <NoN...@NoAddress.com>
Date: Mon, 3 Dec 2007 19:52:09 -0600
Local: Mon, Dec 3 2007 8:52 pm
Subject: Using WHERE clause parameter
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
When I try to use an SP with parameter that is the WHERE clause it generates
an error.

E.g,

@myWhere = varchar(200)

AS

SELECT x, y FROM skwi WHERE @myWhere

myWhere = status = 7 AND LastName = 'Smith'

The problem is that the where clause is built conditionally in the program.

Any advise and examples on how to accomplish would be appreciated.

--
Mike - FrontPage MVP '97 - '02
Expression Tools & Addin
http://www.j-moves.com
http://www.panemanager.com
FrontPage Tools & Addin
http://www.jbots.com
E-Commerce
http://www.candypress.com


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Tom Cooper  
View profile  
 More options Dec 3 2007, 9:57 pm
Newsgroups: microsoft.public.sqlserver.programming
From: "Tom Cooper" <tomcoo...@comcast.no.spam.please.net>
Date: Mon, 3 Dec 2007 21:57:37 -0500
Local: Mon, Dec 3 2007 9:57 pm
Subject: Re: Using WHERE clause parameter
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
See
http://www.sommarskog.se/dyn-search.html
One of the ways mentioned in that article is dynamic SQL, if you decide to
use dynamic SQL, make sure to read
http://www.sommarskog.se/dynamic_sql.html
Pay particular attention to the part in SQL injection
http://www.sommarskog.se/dynamic_sql.html#SQL_injection

Tom

"md Webs Unlimited" <NoN...@NoAddress.com> wrote in message
news:%232oGOhhNIHA.292@TK2MSFTNGP02.phx.gbl...


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
--CELKO--  
View profile  
 More options Dec 4 2007, 12:41 pm
Newsgroups: microsoft.public.sqlserver.programming
From: --CELKO-- <jcelko...@earthlink.net>
Date: Tue, 4 Dec 2007 09:41:42 -0800 (PST)
Local: Tues, Dec 4 2007 12:41 pm
Subject: Re: Using WHERE clause parameter
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

>> When I try to use an SP with parameter that is the WHERE clause it generates an error. <<

The short, dangerous kludge is to use Dynamic SQL.

The right answer is to get out that old text book on Software
Engineering and the chapters on coupling and cohesion of code
modules.  Those rules still apply in SQL.

You are writing a "Britney Spears, Automobiles and Squids" module  --
you have no idea what it will do at run time, so it has absolutely no
cohesion.  Instead of depending on every random future user to write
proper SQL, you need to earn your salary and proper them with a well-
defined module with a meaningful name and a known parameter list.

If you want a general query tool, then use QA.  Application users
should be kept away form it.


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google