| Author |
Topic |
|
medivhk3
Starting Member
4 Posts |
 Posted - 2010-02-17 : 17:38:30
|
| Hello, my problem is as follows:I have to create a stored procedure in which I receive a parameter that contains the name of a table, this parameter must be used to then select all rows from that table, first i thought something like:create procedure sp_GetAllRows @TableName varchar(100)asselect * from @TableNamegowould do the job, but oh well, it didn't (it was too beautiful to be true).Can you guys help me get this done? I'm kinda clueless right now.Thanks in advance |
|
|
medivhk3
Starting Member
4 Posts |
Posted - 2010-02-17 : 18:03:11
|
| Well, now I feel silly, should've read the FAQ sticky before posting... found the answer to my problem here:http://www.sqlteam.com/article/dynamic-sql-or-how-do-i-select-top-var-recordsjust to leave some evidence, my testing of those principles ended up like this:declare @tablename varchar(50)declare @sqlstatement varchar(150)set @tablename = 'Test'set @sqlstatement = 'select * from ' + @tablenameExecute (@sqlstatement) |
 |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
medivhk3
Starting Member
4 Posts |
Posted - 2010-02-17 : 19:25:42
|
| This restriction comes from the architecture itself, in which i can't access the db, or any data, directly, it must be accessed by the classes provided, and to use those classes i must first register a transaction which points to a certain database and a stored procedure. So to get any data, i must first create a SP and then register it, then use it via the classes provided.It's kinda elaborated and it has it's pros and cons, but anyway, that's how i have to work and really there is no way out of it, i appreciate the suggestion. |
|
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
|
|
madhivanan
Premature Yak Congratulator
22864 Posts |
Posted - 2010-02-18 : 01:25:01
|
| Make sure you read this fullywww.sommarskog.sq/dynamic_sql.htmlMadhivananFailing to plan is Planning to fail |
|
|
|
medivhk3
Starting Member
4 Posts |
Posted - 2010-02-18 : 12:32:17
|
| @tkizer: thought so, sadly, time is of the essence and i can't spend much time figuring out what would be the best way to do that with the best performance, also, in regards of security, what would the risks be? (i could only think of SQL Injection but proper SQL Sanitization methods are in place, or so i've been told -need to check that out)@madhivanan: thanks for the link, though i can't check it out at work, Websense is blocking it, so i'll have to view it at home. |
|
|
|
madhivanan
Premature Yak Congratulator
22864 Posts |
Posted - 2010-02-19 : 01:02:29
|
quote:
Originally posted by medivhk3
@tkizer: thought so, sadly, time is of the essence and i can't spend much time figuring out what would be the best way to do that with the best performance, also, in regards of security, what would the risks be? (i could only think of SQL Injection but proper SQL Sanitization methods are in place, or so i've been told -need to check that out)@madhivanan: thanks for the link, though i can't check it out at work, Websense is blocking it, so i'll have to view it at home.
Ask your Network Admin to unblock itMadhivananFailing to plan is Planning to fail |
|
|
|
|
select from a table if it name passed as parameter