Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Select records from an MS SQL 2K table using value list parameter

Posted on 2004-08-11
8
Medium Priority
?
252 Views
Last Modified: 2008-03-10
I'm contructing a stored proc like the following:

CREATE PROCEDURE Select_Widgets
    @WidgetsList varChar(20)
    AS
    Select * From Table1
    Where WidgetID In(@WidgetsList )

but am getting the following error from sql server 2k when running through the debugger: 'Syntax error converting the varchar value '2,5' to a column of data type int'.  The target field is an int, so I'm passing a comma delimited list of int values without quotes around each value.
0
Comment
Question by:LloydMc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 15

Expert Comment

by:jdlambert1
ID: 11776288
Don't know if there's a better way, but this works:

CREATE PROCEDURE Select_Widgets
    @WidgetsList varChar(20)
AS

DECLARE @sql nvarchar(888)

SET @sql = 'Select * From Table1 Where WidgetID In ( ' + @WidgetsList + ') '

EXEC sp_executesql @sql
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 11776453
jdlambert1: I agree, this is 'the' solution, no better choices availlable ...
0
 
LVL 18

Accepted Solution

by:
SjoerdVerweij earned 500 total points
ID: 11777172
Ehm... how about

Create Procedure Select_Widgets
  @WidgetList VarChar(255)
As
Begin

  Declare @TWidget Table(ID Int)

  Declare @P Int

  While (@P > 0)
    Begin
      Set @P = CharIndex(',', @WidgetList)
      If (@P <= 0)
        Insert Into @TWidget(ID) Values(Cast(@WidgetList As Int))
      Else
        Begin
          Insert Into @TWidget(ID) Values(Cast(Left(@WidgetList, @P-1) As Int))
          Set @WidgetList = SubString(@WidgetList, @P + 1, 255)
        End
    End
 
  Select * From Table1 Where WidgetID In (Select ID From @TWidget)

End
Go

No dynamic SQL needed.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 34

Expert Comment

by:arbert
ID: 11777410
Have to agree with SjoerdVerweij here.  Looks overly complicated, but you don't have the penalty of Dynamic SQL and you don't have to worry about the security implications of dynamic sql...
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 11782187
If security is an issue, last solution is best. If it is not, first solution is more fexible, since you can use a subselect as argument (and this is indeed the security break ...).
0
 
LVL 18

Expert Comment

by:SjoerdVerweij
ID: 11784968
Call the first version like so:

Select_Widgets '0);select user --'

It's called a SQL injection attack.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
Windocks is an independent port of Docker's open source to Windows.   This article introduces the use of SQL Server in containers, with integrated support of SQL Server database cloning.
Via a live example, show how to shrink a transaction log file down to a reasonable size.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question