| Author |
Topic |
|
CrazyT
Yak Posting Veteran
73 Posts |
Posted - 2010-06-30 : 12:48:31
|
| how would i make a table name a variable in a sp
basically how would i get
select * from @table + log |
|
|
X002548
Not Just a Number
15586 Posts |
|
|
CrazyT
Yak Posting Veteran
73 Posts |
Posted - 2010-06-30 : 13:07:54
|
| there are a bunch of tables where the table name is somename + log.
trying to work with the existing code structure |
 |
|
|
CrazyT
Yak Posting Veteran
73 Posts |
Posted - 2010-06-30 : 13:14:55
|
| is there a way to mitigate sql injection |
 |
|
|
X002548
Not Just a Number
15586 Posts |
Posted - 2010-06-30 : 13:21:45
|
| [code]
-- Build the table name from a base name plus a suffix
DECLARE @suffix varchar(50); SET @suffix = '_X'
DECLARE @table varchar(8000); SET @table = 'RHO'
DECLARE @sql varchar(8000); SET @sql = 'SELECT * FROM ' + @table + @suffix
-- Only execute if the combined name resolves to an existing object
IF (SELECT OBJECT_ID(@table+@suffix)) IS NOT NULL
    EXEC (@sql)
ELSE
    PRINT 'TABLE DOES NOT EXISTS HOMER!'
[/code]

Brett

8-)

Hint: Want your questions answered fast? Follow the direction in this link
http://weblogs.sqlteam.com/brettk/archive/2005/05/25/5276.aspx

Add yourself!
http://www.frappr.com/sqlteam |
 |
|
|
jimf
Master Smack Fu Yak Hacker
2875 Posts |
Posted - 2010-06-30 : 13:22:17
|
| This would at least ensure that a valid table name was passed in

[code]
IF EXISTS(select 1 from sys.objects where object_id(@Table) = object_id)
    EXEC(@sql)
[/code]

Jim

Everyday I learn something that somebody else already knew |
 |
|
|
|
|
|
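A hardened variant of the existence check suggested in the replies above, as an added example that is not part of the original thread: the name is resolved against the catalog, read back from `sys.tables`, and wrapped with `QUOTENAME`, so the caller's string is never concatenated into the statement. The procedure name `dbo.usp_SelectFromLogTable`, the parameter `@BaseName`, the `dbo` schema, and the `orderslog` table are assumptions made for illustration; the `log` suffix comes from the question.

```sql
-- Added example: hypothetical procedure and parameter names; dbo schema assumed.
CREATE PROCEDURE dbo.usp_SelectFromLogTable
    @BaseName sysname            -- caller supplies only the part before the 'log' suffix
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @sql nvarchar(max);

    -- Look the name up in the catalog instead of trusting the input.
    -- @BaseName is only compared as data here; the identifier placed in the
    -- statement is the one stored in sys.tables, quoted with QUOTENAME.
    SELECT @sql = N'SELECT * FROM '
                + QUOTENAME(s.name) + N'.' + QUOTENAME(t.name) + N';'
    FROM sys.tables  AS t
    JOIN sys.schemas AS s ON s.schema_id = t.schema_id
    WHERE s.name = N'dbo'                  -- restrict to one known schema
      AND t.name = @BaseName + N'log';     -- restrict to user tables with the suffix

    -- No matching table: nothing was built, so nothing is executed.
    IF @sql IS NULL
    BEGIN
        RAISERROR(N'No log table exists for the supplied name.', 16, 1);
        RETURN;
    END;

    EXEC sys.sp_executesql @sql;
END;
GO

-- Constructed sample data and calls
CREATE TABLE dbo.orderslog (id int);
EXEC dbo.usp_SelectFromLogTable @BaseName = N'orders';              -- runs the SELECT
EXEC dbo.usp_SelectFromLogTable @BaseName = N'orders; SELECT 1 --'; -- raises the error, executes nothing
```

Filtering on `sys.tables` rather than `sys.objects` also keeps the lookup from matching views, procedures, or other object types that happen to share the name.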