Solved

SQL Server - input parameter for query

Posted on 2015-01-20
Last Modified: 2015-02-01
Hi,

I have a simple requirement.

I need to run a query on SQL Server Studio.

How can I use an input variable to declare the table name I query?

I was looking for something like select * from @MyTable
But it looks like this is not possible (SQL injection?). Is there any alternative?
Question by:Sam OZ
Accepted Solution

by:
Jim Horn earned 300 total points
ID: 40559808
Here you go, but the obvious question is why do you want to do this?
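CREATE PROC your_proc (@table_name varchar(100)) AS

-- sp_executesql only accepts a Unicode (nvarchar) statement
DECLARE @sql nvarchar(1000)
-- @table_name is concatenated into the statement as-is
SELECT @sql = N'SELECT * FROM ' + @table_name

EXEC sp_executesql @sql
GO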

Expert Comment

by:Lowfatspread
ID: 40559878
You could do it like that, but it's not advisable...

Could you elaborate on why you think select * from "tobeadvisedtable" is a simple requirement....

and why you want to use Studio to do it?

Realistically, how many tables and what sizes are you wanting to access (and what do you intend to do with the results)?
Assisted Solution

by:ScottPletcher
ScottPletcher earned 200 total points
ID: 40560080
If you're gonna do this, you might as well add more flexibility into it, such as optionally allowing db name and/or schema name to be specified, as well as a row count (to generate a "TOP (nnn)" expression if needed).


DECLARE @MyTable varchar(1000)
DECLARE @exec_sql bit
DECLARE @rowcount int
DECLARE @column_list varchar(5000)

SET @MyTable = 'table_name'
--SET @MyTable = 'db_name.schema_name.table_name'
SET @exec_sql = 1
--SET @rowcount = 10
--SET @column_list = 'id, customerNumber'

------------------------------------------------------------------------------------------------------------------------

DECLARE @sql varchar(8000)

-- PARSENAME splits the (up to three-part) name; QUOTENAME brackets each part
-- and escapes any ] inside it. QUOTENAME(NULL) is NULL, so a missing part drops out.
-- @column_list is inserted verbatim, so it must not come from untrusted input.
SET @sql = 'SELECT ' +
    CASE WHEN @rowcount > 0 THEN 'TOP (' + CAST(@rowcount AS varchar(10)) + ') ' ELSE '' END +
    ISNULL(@column_list, '*') +
    ' FROM ' +
    ISNULL(QUOTENAME(PARSENAME(@MyTable, 3)) + '.', '') +
    ISNULL(QUOTENAME(PARSENAME(@MyTable, 2)) + '.', CASE WHEN PARSENAME(@MyTable, 3) IS NULL THEN '' ELSE '.' END) +
    QUOTENAME(PARSENAME(@MyTable, 1))

PRINT @sql
IF @exec_sql > 0
    EXEC(@sql)
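On the SQL injection concern raised in the question, an added example that is not part of any poster's answer: a procedure that resolves the requested name against the catalog and builds the statement only from what the catalog returns. The procedure name dbo.select_from_table, its parameter names and the dbo.Customers table are hypothetical.

```sql
-- Added example; dbo.select_from_table and its parameters are hypothetical names.
CREATE PROCEDURE dbo.select_from_table
    @table_name  sysname,
    @schema_name sysname = N'dbo',
    @row_count   int     = NULL
AS
BEGIN
    SET NOCOUNT ON;

    -- Two QUOTENAME results (up to 258 characters each) plus the dot.
    DECLARE @object_name nvarchar(517);
    DECLARE @sql nvarchar(max);

    -- Resolve the caller's input against the catalog. The identifier used in
    -- the statement comes from sys.schemas / sys.tables, never from the raw
    -- parameter. sys.tables lists user tables only (no views).
    SELECT @object_name = QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
    FROM sys.tables AS t
    JOIN sys.schemas AS s ON s.schema_id = t.schema_id
    WHERE s.name = @schema_name
      AND t.name = @table_name;

    IF @object_name IS NULL
    BEGIN
        RAISERROR(N'Table not found in the current database.', 16, 1);
        RETURN 1;
    END;

    -- Identifiers cannot be bound as parameters, but values can: TOP takes @n.
    SET @sql = N'SELECT ' +
        CASE WHEN @row_count > 0 THEN N'TOP (@n) ' ELSE N'' END +
        N'* FROM ' + @object_name + N';';

    EXEC sys.sp_executesql @sql, N'@n int', @n = @row_count;
    RETURN 0;
END;
GO

-- Constructed calls, assuming a dbo.Customers table exists:
EXEC dbo.select_from_table @table_name = N'Customers', @row_count = 10;
-- A value that does not match an existing table is rejected before any
-- dynamic SQL is built or executed:
EXEC dbo.select_from_table @table_name = N'Customers; SELECT 1';
```

Dynamic SQL runs with the caller's permissions, so table-level grants still decide what the caller can read through this procedure.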
