Link to home
Start Free TrialLog in
Avatar of kenson2127
kenson2127Flag for Malaysia

asked on

How to convert this statement to stored procedure?

Hi,

How can I convert this SQL statement to stored procedure?

strSQL = "SELECT * FROM TB_PackageBookings PB " & vbCrLf
strSQL += " WHERE PB.PackageBookingID IN (" & v_lngPackageBookingIdList & ");"

The difficulties here is the IN clause, any idea?
Thanks..

Regards,
kenson
Avatar of kenson2127
kenson2127
Flag of Malaysia image

ASKER

The example data of v_lngPackageBookingIdList  is "1, 2, 4"
ASKER CERTIFIED SOLUTION
Avatar of Guy Hengel [angelIII / a3]
Guy Hengel [angelIII / a3]
Flag of Luxembourg image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of kenson2127
kenson2127
Flag of Malaysia image

ASKER

Thanks. It works perfectly. Anyway, which solution you think is better?
Avatar of rdrunner
rdrunner
I would suggest avoiding dynamic SQL. Dynamic SQL can be very dangeous if someone finds a way to alter the input...

For example this parameter would be very unhealthy for the Dynamic SQL version:

"1,2,4) drop table TB_PackageBookings --"
Avatar of Guy Hengel [angelIII / a3]
Guy Hengel [angelIII / a3]
Flag of Luxembourg image
As I wrote , to prevent sql injection And to increase performance, the second option should be used...

for the record, here the article about how to use XML as "array" parameter:
http://support.microsoft.com/default.aspx?scid=kb;en-us;555266
Avatar of Guy Hengel [angelIII / a3]
Guy Hengel [angelIII / a3]
Flag of Luxembourg image
A more general splitting function (for my reference, but also free usage), for having the delimiter parameter:
create FUNCTION dbo.ParmsToList (@Parameters varchar(500), @delimiter varchar(10) )
returns @result TABLE (Value varchar(8000))
AS  
begin
    declare @dx varchar(9)
    --declare @loops int
    -- set @loops = 0
 
     DECLARE @TempList table
          (
          Value varchar(8000)
          )
 
     if @delimiter is null  set @delimiter = ' '
     if datalength(@delimiter) < 1 set @delimiter = ' '
     set @dx = left(@delimiter, datalength(@delimiter)-1)
 
     DECLARE @Value varchar(8000), @Pos int
 
     SET @Parameters = @Parameters + @delimiter
     SET @Pos = CHARINDEX(@delimiter, @Parameters, 1)
 
     IF REPLACE(@Parameters, @delimiter, @dx) <> ''
     BEGIN
          WHILE @Pos > 0 --and @Loops < 100
          BEGIN
              -- set @loops = @loops + 1
               SET @Value = LEFT(@Parameters, @Pos - 1)
               IF @Value <> ''
               BEGIN
                    INSERT INTO @TempList (Value) VALUES (@Value) --Use Appropriate conversion
               END
               SET @Parameters = SUBSTRING(@Parameters, @Pos+ datalength(@delimiter),500)
               SET @Pos = CHARINDEX(@delimiter, @Parameters, 1)
 
          END
     END    
     INSERT @result
     SELECT value
        FROM @TempList
     RETURN
END

Open in new window

Avatar of ken hanse
ken hanse
Flag of Australia image
My dataset is more than 5 million records. so solution should be good performance
Avatar of Ferruccio Guicciardi
Ferruccio Guicciardi
Flag of Ireland image
Thanks :) Very handy