Solved

Sql Server -  input parameter for query

Posted on 2015-01-20
3
104 Views
Last Modified: 2015-02-01
Hi,

   I have a simple requirement .

     I need to run a query on sql server studio

     How can I use an input variable to declare the Tablename I query

        I was looking something like  select  * from  @MyTable
       But looks like this is not possible (Sql Injection?) , Is there any alternative?
0
Comment
Question by:Sam OZ
3 Comments
 
LVL 65

Accepted Solution

by:
Jim Horn earned 300 total points
ID: 40559808
Here you go, but the obvious question is why do you want to do this?
CREATE PROC your_proc (@table_name varchar(100)) AS

Declare @sql varchar(1000) 
SELECT @sql = 'SELECT * FROM ' + @table_name

exec sp_executesql @sql
GO

Open in new window

0
 
LVL 50

Expert Comment

by:Lowfatspread
ID: 40559878
you could do it like that but its not advisable...

could you elaborate on why you think select * from "tobeadvisedtable" is a simple requirement....

and why you want to use studio to do it?

realistically how many tables and what sizes are you wanting to access (and what do you intend to do with the results)
0
 
LVL 69

Assisted Solution

by:Scott Pletcher
Scott Pletcher earned 200 total points
ID: 40560080
If you're gonna do this, you might as well add more flexibility into it, such as optionally allowing db name and/or schema name to be specified, as well as a row count (to generate a "TOP (nnn)" expression if needed).


DECLARE @MyTable varchar(1000)
DECLARE @exec_sql bit
DECLARE @rowcount int
DECLARE @column_list varchar(5000)

SET @MyTable = 'table_name'
--SET @MyTable = 'db_name.schema_name.table_name'
SET @exec_sql = 1
--SET @rowcount = 10
--SET @column_list = 'id, customerNumber'

------------------------------------------------------------------------------------------------------------------------

DECLARE @sql varchar(8000)

SET @sql = 'SELECT ' +
    CASE WHEN @rowcount > 0 THEN 'TOP (' + CAST(@rowcount AS varchar(10)) + ') ' ELSE '' END +
    ISNULL(@column_list, '*') +
    ' FROM ' +
    ISNULL('[' + PARSENAME(@MyTable, 3) + '].', '') +
    ISNULL('[' + PARSENAME(@MyTable, 2) + '].', CASE WHEN PARSENAME(@MyTable, 3) IS NULL THEN '' ELSE '.' END) +
    '[' + PARSENAME(@MyTable, 1) + ']'

PRINT @sql
IF @exec_sql > 0
    EXEC(@sql)
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Everyone has problem when going to load data into Data warehouse (EDW). They all need to confirm that data quality is good but they don't no how to proceed. Microsoft has provided new task within SSIS 2008 called "Data Profiler Task". It solve th…
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now