[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

SQL Server - passing a string paramether to a Stored Proc

Posted on 2009-07-11
3
Medium Priority
?
304 Views
Last Modified: 2012-05-07
I pass a string as a parameter to a stored procedure that should get results but does not..  My SP looks like this

ALTER PROCEDURE [dbo].[spMySP]
      
@items nvarchar(50)
      
AS

SELECT    dayofWeek, anotherItem
  FROM table1

where cast(month(dayofWeek) as nvarchar(20)) in (@items)

END

I get no results regardless of what I pass as a parameter.  For example if i pass '1,2,3' as a parameter, i get nothing.  What the heck have i done wrong?
0
Comment
Question by:BoggyBayouBoy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 60

Assisted Solution

by:chapmandew
chapmandew earned 600 total points
ID: 24830332
you'll need to do something like this....since it is a list of values, you'll need to use dynamic sql.  you can also use a function to split the values into a table...i'll show you the easier of the two:

declare @x nvarchar(2000)
set @x = 'SELECT    dayofWeek, anotherItem
  FROM table1 where cast(month(dayofWeek) as nvarchar(20)) in (' + @items + ')'

execute sp_executesql @x
0
 
LVL 29

Accepted Solution

by:
Göran Andersson earned 1400 total points
ID: 24830489
The string that you are using in the in clause is not considered to be a list of value, but just a single string.

in( '1,2,3' ) is not the same as in( '1', '2', '3' )

You can split the string into values and put in a temporary table, then join against the table to get the result.

As parsing the string verifies it's contents, it keeps the procedure from being wide open for SQL injection attacks.

alter procedure spMySP
   @items nvarchar(50)
as
 
declare @t table(m int)
declare @pos int
 
while (len(@items) > 0) begin
   set @pos = charindex(',', @items)
   if (@pos = 0) set @pos = len(@items) + 1
   insert into @t values (cast(substring(@items, 0, @pos) as int))
   set @items = substring(@items, @pos + 1, 1000)
end
 
select t1.dayOfWeek, t1.anotheritem
from table1 t1
inner join @t t on month(t1.dayOfWeek) = t.m

Open in new window

0
 
LVL 1

Author Closing Comment

by:BoggyBayouBoy
ID: 31602413
Thanks !  Very nice solutions.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article I will describe the Copy Database Wizard method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
This month, Experts Exchange sat down with resident SQL expert, Jim Horn, for an in-depth look into the makings of a successful career in SQL.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question