• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 191
  • Last Modified:

Problem in passing a parameter to Strored Procedure?

Hi,

I want to send a string to a stored procedure. the string is as follows:

A, B, C, D

I'm facing a problem in giving single quotes. How can I do it?

thanks in advance.
0
indiagenious
Asked:
indiagenious
1 Solution
 
TimCotteeHead of Software ServicesCommented:
Hi indiagenious,

Double the single quotes is the simple answer, SQL (of any flavour, access included) will treat two consecutive single (or double) quote characters as a single one when stored in the database (or handled in a stored procedure). It is always useful to have a "fixup" procedure which in VB/ASP would be something like this:

Function FixUp(ByVal SQLString As String) As String
  FixUp = Replace(Replace(SQLString,"'","''"),"""","""""")
End Function

Call it with for example:

cnn.Execute "Insert Into MyTable ('" & Fixup("O'Reilly is a common name in Ireland") & "'")

To sort out the problem with the quotes.

Tim Cottee
Brainbench MVP for Visual Basic
http://www.brainbench.com
0
 
ValidorCommented:
Is this a problem in CALLING the procedure with these parameters, or is it a problem with PASSING the list as a single string?  For example, I have a stored procedure that expects a variable number of parameters, each one a string.  I want to run a query to fetch all rows whose "datatype" field has one of those values in it.  There are 2 ways that I know to do this.  The former method has limits as to how many values can be passed, and the values must be quoted properly as described by TimCottee.  The latter method is recommended.

1) In MSSQL, you can execute plain SQL text by passing a string (containing SQL text) to the system stored procedure named sp_executesql.  Example:

create procedure findrecswiththesedatatypes
  @datatypes nvarchar(1000)
as
@declare sqltext nvarchar(1000)
set @sqltext ='select * from mytable where datatype=' + nvarchar
exec sp_executesql @sqltext


2) Create 2 tables.  One will have a record for each query.  The other will hold parameters for the query.  Instead of dealing with quotes and formatted strings converted to SQL text, just use a join with the parameters against the data to filter the data that you want.

create table requests (
  requestid autoint not null primary key,
  inserttime datetime not null
)

create table requestparms (
  parmid autoint not null primary key,
  requestid int not null,
  parmvalue varchar(25)
)

create proceduresp_ createrequest
  @requestid int out
as
insert into requests (inserttime) values (getdate())
set @requestid = @@scope_identity,

create procedure sp_addparm
  @requestid int,
  @parmvalue varchar(25)
as
insert into requestparms (requestid, parmvalue) values (@requestid, @parmvalue)

create procedure sp_queryrequest
  @requestid
as
select *
from mydata
inner join requestparms
on mydata.datatype = requestparms.parmvalue
where requestparms.requestid = @requestid


declare @requestid int
exec sp_createrequest(@requestid)
exec sp_addparm(@requestid, 'A')
exec sp_addparm(@requestid, 'B')
exec sp_addparm(@requestid, 'C')
exec sp_addparm(@requestid, 'D')
exec sp_queryrequest(@requestid)


Remember lastly to clean up these tables.  You can decide which parms and requests to delete by the insert time.  You may also delete them right away if necessary.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now