Solved

Dynamic WHERE clause with paging functionality in SQL 2005

Posted on 2008-06-24
5
358 Views
Last Modified: 2010-04-21
Hi

I would like to pass a where clause as a parameter (e.g.: FirstName Like '%Jo%')

When I run this stored procedure in query analyzer I get:
Incorrect syntax near ')'.
Invalid object name 'ItemEntries'.

I followed an example on a previous question on expert exchange but the solution did not seem to work for me.

Seems to be the dynamic WITH  that throws an error.

Is it in anyway possible to resolve this problem?
ALTER PROCEDURE [dbo].[PagedUserList]
(
	@PageIndex int,
	@NumRows int,
	@SearchText nvarchar(1000)
)
AS
 
BEGIN
 
	DECLARE @nSQL nvarchar(1090)
	SET @nSQL = 'SELECT (SELECT COUNT(*) FROM Users WHERE '+@SearchText+') AS MemberCount'
	EXECUTE sp_executeSQL @nSQL
 
	
	DECLARE @startRowIndex int;
	SET @startRowIndex = (@PageIndex * @NumRows) + 1;
 
	DECLARE @wSQL nvarchar(1090)
	SET @wSQL = 'WITH ItemEntries AS (SELECT ROW_NUMBER() OVER (ORDER BY LastName DESC) AS Row, UserID, FirstName, LastName FROM Users WHERE '+@SearchText+')'
	EXEC sp_executesql @wSQL
	
	SELECT UserID, FirstName, LastName
	FROM ItemEntries
	WHERE Row between 
	@startRowIndex and @StartRowIndex+@NumRows-1
	
END

Open in new window

0
Comment
Question by:andysross
  • 3
  • 2
5 Comments
 
LVL 2

Expert Comment

by:Deepika_Rastogi
ID: 21863126
check whether the ' character is passed properly in the parameter
0
 

Author Comment

by:andysross
ID: 21869776
Hi

I made the parameter @SearchText redundent to eliminate how I may be passing this parameter and ran it again in query analyzer with the result below. I still get the same error


---------------------------
PagedUserList 1, 9
---------------------------
(1 row(s) affected)
Msg 102, Level 15, State 1, Line 1
Incorrect syntax near ')'.
Msg 208, Level 16, State 1, Procedure PagedUserList, Line 24
Invalid object name 'ItemEntries'.
set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
go
 
ALTER PROCEDURE [dbo].[PagedUserList]
(
	@PageIndex int,
	@NumRows int
	--@SearchText nvarchar(1000)
)
AS
 
BEGIN
 
	DECLARE @nSQL nvarchar(1090)
	SET @nSQL = 'SELECT (SELECT COUNT(*) FROM Users WHERE  Status = 1) AS MemberCount'
	EXECUTE sp_executeSQL @nSQL
 
	
	DECLARE @startRowIndex int;
	SET @startRowIndex = (@PageIndex * @NumRows) + 1;
 
	DECLARE @wSQL nvarchar(1090)
	SET @wSQL = 'WITH ItemEntries AS (SELECT ROW_NUMBER() OVER (ORDER BY LastName DESC) AS Row, UserID, FirstName, LastName FROM Users WHERE Status = 1)'
	EXEC sp_executesql @wSQL
	
	SELECT UserID, FirstName, LastName
	FROM ItemEntries
	WHERE Row between 
	@startRowIndex and @StartRowIndex+@NumRows-1
	
END

Open in new window

0
 
LVL 2

Accepted Solution

by:
Deepika_Rastogi earned 125 total points
ID: 21872914
As u r using With clause the select query of the table with which

DECLARE @wSQL nvarchar(1090)
SET @wSQL = 'WITH ItemEntries AS (SELECT ROW_NUMBER() OVER (ORDER BY LastName DESC) AS Row, UserID, FirstName, LastName FROM Users WHERE Status = 1)
SELECT UserID, FirstName, LastName
FROM ItemEntries
WHERE Row between
@startRowIndex and @StartRowIndex+@NumRows-1 '

EXEC sp_executesql @wSQL
      
      



0
 
LVL 2

Expert Comment

by:Deepika_Rastogi
ID: 21872921
Soory

As u r using With clause the select query of the table with which With clase is attached should be embed within the string itself
0
 

Author Closing Comment

by:andysross
ID: 31470462
This solution was great. The only thing I had to do was cast the int's to varchar within the string
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Entering time in Microsoft Access can be difficult. An input mask often bothers users more than helping them and won't catch all typing errors. This article shows how to create a textbox for 24-hour time input with full validation politely catching …
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question