Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

XP_SENDMAIL and Passing Query Parameters

Posted on 2004-09-27
2
Medium Priority
?
502 Views
Last Modified: 2010-10-11
Hi,

I have the following in a sp:

select @query_email= 'select column_1, column_2 from my_table where column_1='@parameter''
EXEC master.dbo.xp_sendmail @recipients = @email,
   @query = @query_email

The @parameter is defined earlier (correctly and also the @email too).

How can I run the query in xp_sendmail and also pass a parameter from the sp into the query?

Thanks,

Farawayman
0
Comment
Question by:farawayman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 143

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 2000 total points
ID: 12160105
You have to put the parameter VALUE inside the @query string, because xp_sendmail won't know about it otherwise:
select @query_email= 'select column_1, column_2 from my_table where column_1=''' + @parameter + ''''

Please take care that the @parameter value is "secure", so that it cannot contain malicious code.
To be sure the above works also if @parameter contains a ' in it (like Mc'Donald for names), use this

select @query_email= 'select column_1, column_2 from my_table where column_1=''' + replace(@parameter, '''', '''''') + ''''

CHeers
0

Featured Post

Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
A Stored Procedure in Microsoft SQL Server is a powerful feature that it can be used to execute the Data Manipulation Language (DML) or Data Definition Language (DDL). Depending on business requirements, a single Stored Procedure can return differe…
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question