Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Mindhunter74
Starting Member
2 Posts |
 Posted - 2009-06-06 : 14:02:14
|
| set ANSI_NULLS ONset QUOTED_IDENTIFIER ONgoALTER Proc [dbo].[DSelection]@company_id intasdeclare @SQL nvarchar(1000)SELECT @SQL ='SELECT bus.idFROM busWHERE ( bus.company_id = ' + @company_id + ')'exec (@SQL)When I execute the above stored procedure with the following:USE [Reservation]GODECLARE @return_value intEXEC @return_value = [dbo].[DSelection] @company_id =2SELECT 'Return Value' = @return_valueGOI get the following error:Msg 245, Level 16, State 1, Procedure DSelection, Line 7Conversion failed when converting the varchar value 'SELECT bus.idFROM busWHERE ( bus.company_id = ' to data type int.Could you please help me with this problem?Thank you. |
|
|
Mindhunter74
Starting Member
2 Posts |
Posted - 2009-06-06 : 14:09:42
|
| I got it.Just used convert(nvarchar, @company_id) instead of @company_id |
 |
|
|
X002548
Not Just a Number
15586 Posts |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2009-06-07 : 03:00:51
|
quote:
Originally posted by Mindhunter74
I got it.Just used convert(nvarchar, @company_id) instead of @company_id
what's the need of dynamic sql in above procedure? what do you pass as value for company_id parameter? |
|
|
|
webfred
Master Smack Fu Yak Hacker
8781 Posts |
Posted - 2009-06-07 : 09:03:27
|
There is no need for dynamic sql in your given example.Just use:SELECT bus.idFROM busWHERE bus.company_id = @company_idGreetingsWebfred
No, you're never too old to Yak'n'Roll if you're too young to die. |
|
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2009-06-07 : 13:17:56
|
| also use of dynamic sql will increases the chance of sql injection attacks. |
|
|
|
|
|
|
Dynamic SQL Problem