| Author |
Topic |
|
infodemers
Posting Yak Master
183 Posts |
Posted - 2010-01-07 : 20:41:41
|
| Hi,
Is it possible to create a where clause using a variable, like for example:
Declare @strSQL varchar(1000)
set @strSQL = 'companyID = 2'
Select * from customers where @strSQL
Thanks! |
|
|
khtan
In (Som, Ni, Yak)
17689 Posts |
|
|
madhivanan
Premature Yak Congratulator
22864 Posts |
Posted - 2010-01-08 : 02:14:47
|
quote: Originally posted by infodemers
Hi,
Is it possible to create a where clause using a variable, like for example:
Declare @strSQL varchar(1000)
set @strSQL = 'companyID = 2'
Select * from customers where @strSQL
Thanks!

Seems a better way for SQL Injection

Madhivanan
Failing to plan is Planning to fail |
 |
|
|
khtan
In (Som, Ni, Yak)
17689 Posts |
Posted - 2010-01-08 : 02:19:49
|
http://xkcd.com/327/

KH
[spoiler]Time is always against us[/spoiler] |
 |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2010-01-08 : 02:28:04
|
quote: Originally posted by infodemers
Hi,
Is it possible to create a where clause using a variable, like for example:
Declare @strSQL varchar(1000)
set @strSQL = 'companyID = 2'
Select * from customers where @strSQL
Thanks!

Why do you want to pass conditions like this? |
 |
|
|
madhivanan
Premature Yak Congratulator
22864 Posts |
Posted - 2010-01-08 : 02:43:41
|
quote: Originally posted by khtan
http://xkcd.com/327/
KH
[spoiler]Time is always against us[/spoiler]

Madhivanan
Failing to plan is Planning to fail |
 |
|
|
infodemers
Posting Yak Master
183 Posts |
Posted - 2010-01-08 : 08:05:13
|
Because depending on what value is passed to the stored procedure, the where clause may need to be changed.

quote: Originally posted by visakh16
quote: Originally posted by infodemers
Hi,
Is it possible to create a where clause using a variable, like for example:
Declare @strSQL varchar(1000)
set @strSQL = 'companyID = 2'
Select * from customers where @strSQL
Thanks!

Why do you want to pass conditions like this?
|
 |
|
|
DP978
Constraint Violating Yak Guru
269 Posts |
Posted - 2010-01-08 : 08:36:52
|
| Can you make your where clause sort of conditional... like:
Select * From Customers Where
(companyId = 2 and condition2_1 and condition2_2 .... condition2_N)
or (companyId = 3 and condition3_1 and condition3_2 .... condition3_N)
or (companyId = 4 and condition3_1 and condition3_2 .... condition3_N)
....
or (companyId = M and conditionM_1 and conditionM_2 .... conditionM_N)
This would get around your method as long as you were ensured one of the company IDs. |
 |
|
|
infodemers
Posting Yak Master
183 Posts |
Posted - 2010-01-08 : 08:41:10
|
I get what you mean and I will give it a try.... Thanks for your suggestion!

quote: Originally posted by DP978
Can you make your where clause sort of conditional... like:
Select * From Customers Where
(companyId = 2 and condition2_1 and condition2_2 .... condition2_N)
or (companyId = 3 and condition3_1 and condition3_2 .... condition3_N)
or (companyId = 4 and condition3_1 and condition3_2 .... condition3_N)
....
or (companyId = M and conditionM_1 and conditionM_2 .... conditionM_N)
This would get around your method as long as you were ensured one of the company IDs.
|
 |
|
|
|
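An added example, not code from any poster in this thread: the SQL injection concern and the conditional where clause suggestion above, written out as T-SQL with the caller passing values instead of predicate text. Only the customers table and the companyID column come from the thread; the procedure names, the @city parameter and the city column are assumptions made for illustration.

```sql
-- 1) The pattern the replies warn about. The caller supplies predicate text,
--    so everything in @strSQL becomes part of the statement that runs.
--    Shown commented out; this is the form to avoid.
--    DECLARE @strSQL varchar(1000) = 'companyID = 2';
--    EXEC('SELECT * FROM customers WHERE ' + @strSQL);

-- 2) Static statement with optional filters (hypothetical procedure name).
--    A NULL parameter switches its filter off, so no SQL text is ever built.
CREATE PROCEDURE dbo.GetCustomers
    @companyID int = NULL,
    @city      nvarchar(100) = NULL   -- hypothetical second filter
AS
BEGIN
    SET NOCOUNT ON;
    SELECT *
    FROM customers
    WHERE (@companyID IS NULL OR companyID = @companyID)
      AND (@city IS NULL OR city = @city)
    OPTION (RECOMPILE);  -- plan is built for the filters actually supplied
END;
GO

-- 3) When the statement text really must vary: assemble it only from fixed
--    fragments written in the procedure, and bind the values as parameters
--    through sp_executesql. User input is never concatenated into @sql.
CREATE PROCEDURE dbo.GetCustomersDynamic
    @companyID int = NULL,
    @city      nvarchar(100) = NULL
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql nvarchar(max) = N'SELECT * FROM customers WHERE 1 = 1';

    IF @companyID IS NOT NULL SET @sql += N' AND companyID = @companyID';
    IF @city IS NOT NULL      SET @sql += N' AND city = @city';

    EXEC sys.sp_executesql
         @sql,
         N'@companyID int, @city nvarchar(100)',
         @companyID = @companyID,
         @city = @city;
END;
GO
```

In both procedures a value such as `2; DROP TABLE customers` fails the int conversion or is compared as a literal string; it is never parsed as SQL.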