Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Programming
 dynamic drop table

Author  Topic 

Hienzs
Starting Member

8 Posts
Posted - 2007-01-24 : 14:51:34
Hi

I am trying to use sql injection to create a dynamic drop table statment. I have tried to reformat a bunch of ways but can not get it. What am I doing wrong?

set @sql = 'if exists (select * from dbo.sysobjects where id = object_id(N' + @@tblname + ') and OBJECTPROPERTY(id, N' + 'IsUserTable' + ') = 1)'
drop table @@tblname
execute(@sql)

snSQL
Master Smack Fu Yak Hacker

1837 Posts
Posted - 2007-01-24 : 15:04:32
[code]declare @tblname varchar(200), @sql varchar(4000)
set @tblname = 'a_table'
set @sql = 'if exists (select * from dbo.sysobjects where id = object_id(N'''
+ @tblname + ''') and OBJECTPROPERTY(id, N''IsUserTable'') = 1)'
+ ' drop table ' + @tblname
execute(@sql)[/code]
Go to Top of Page

Hienzs
Starting Member

8 Posts
Posted - 2007-01-24 : 15:07:20
Thanks. works like a charm. I should have asked you guys sooner. Wasted a lot of time trying to figure it out.
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site