Solved

SQL Server - passing a string paramether to a Stored Proc

Posted on 2009-07-11
3
249 Views
Last Modified: 2012-05-07
I pass a string as a parameter to a stored procedure that should get results but does not..  My SP looks like this

ALTER PROCEDURE [dbo].[spMySP]
      
@items nvarchar(50)
      
AS

SELECT    dayofWeek, anotherItem
  FROM table1

where cast(month(dayofWeek) as nvarchar(20)) in (@items)

END

I get no results regardless of what I pass as a parameter.  For example if i pass '1,2,3' as a parameter, i get nothing.  What the heck have i done wrong?
0
Comment
Question by:BoggyBayouBoy
3 Comments
 
LVL 60

Assisted Solution

by:chapmandew
chapmandew earned 150 total points
ID: 24830332
you'll need to do something like this....since it is a list of values, you'll need to use dynamic sql.  you can also use a function to split the values into a table...i'll show you the easier of the two:

declare @x nvarchar(2000)
set @x = 'SELECT    dayofWeek, anotherItem
  FROM table1 where cast(month(dayofWeek) as nvarchar(20)) in (' + @items + ')'

execute sp_executesql @x
0
 
LVL 29

Accepted Solution

by:
Göran Andersson earned 350 total points
ID: 24830489
The string that you are using in the in clause is not considered to be a list of value, but just a single string.

in( '1,2,3' ) is not the same as in( '1', '2', '3' )

You can split the string into values and put in a temporary table, then join against the table to get the result.

As parsing the string verifies it's contents, it keeps the procedure from being wide open for SQL injection attacks.

alter procedure spMySP

   @items nvarchar(50)

as
 

declare @t table(m int)

declare @pos int
 

while (len(@items) > 0) begin

   set @pos = charindex(',', @items)

   if (@pos = 0) set @pos = len(@items) + 1

   insert into @t values (cast(substring(@items, 0, @pos) as int))

   set @items = substring(@items, @pos + 1, 1000)

end
 

select t1.dayOfWeek, t1.anotheritem

from table1 t1

inner join @t t on month(t1.dayOfWeek) = t.m

Open in new window

0
 
LVL 1

Author Closing Comment

by:BoggyBayouBoy
ID: 31602413
Thanks !  Very nice solutions.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Join & Write a Comment

INTRODUCTION: While tying your database objects into builds and your enterprise source control system takes a third-party product (like Visual Studio Database Edition or Red-Gate's SQL Source Control), you can achieve some protection using a sing…
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now