|
|
sql 2008 Simple Dynamic query
HI all
I am run this simple query on sql 2008 and getting erro
declare @sql as varchar(50)
select @sql='select order_trn.fac_order,order_Trn.article_no from order_trn
where order_trn.fac_order like 'N-5%''
EXEC(@sql)
Please help
thanks
|
|
0
|
|
|
|
Reply
|
 Capri
|
4/13/2010 11:49:18 AM |
|
Hmmm, do you really need dynamic?
select @sql='select order_trn.fac_order,order_Trn.article_no from order_trn
where order_trn.fac_order like ''N-5%'''
See if the above works, I hope you are aware of SQL Injection....
"Capri" <NoEmail@NoDomain.com> wrote in message
news:B7906BDD-68F6-484C-9582-C2FC854F44E2@microsoft.com...
> HI all
>
> I am run this simple query on sql 2008 and getting erro
>
> declare @sql as varchar(50)
>
> select @sql='select order_trn.fac_order,order_Trn.article_no from
> order_trn where order_trn.fac_order like 'N-5%''
>
> EXEC(@sql)
>
>
> Please help
> thanks
>
|
|
|
0
|
|
|
|
Reply
|
Uri
|
4/13/2010 12:01:51 PM
|
|
> select @sql='select order_trn.fac_order,order_Trn.article_no from
> order_trn where order_trn.fac_order like 'N-5%''
You need to double-up single quotes within the string:
select @sql='select order_trn.fac_order,order_Trn.article_no from
dbo.order_trn
where order_trn.fac_order like ''N-5%'''
A better method is specify a parameterized query and execute with
sp_executesql:
DECLARE
@sql nvarchar(max),
@fac_order varchar(10);
SELECT @sql=N'select order_trn.fac_order,order_Trn.article_no from
dbo.order_trn
where order_trn.fac_order like @fac_order';
SET @fac_order = 'N-5%';
EXEC sp_executesql @sql,
N'@fac_order varchar(10)',
@fac_order = @fac_order;
GO
However, I see no need to use a dynamic SQL Statement at all here; a simple
parameterized query should do the job:
DECLARE
@sql nvarchar(max),
@fac_order varchar(10);
SET @fac_order = 'N-5%';
SELECT
order_trn.fac_order,
order_Trn.article_no
FROM dbo.order_trn
WHERE order_trn.fac_order LIKE @fac_order;
See Erland's article on dynamic SQL at
http://www.sommarskog.se/dynamic_sql.html for details.
--
Hope this helps.
Dan Guzman
SQL Server MVP
http://weblogs.sqlteam.com/dang/
"Capri" <NoEmail@NoDomain.com> wrote in message
news:B7906BDD-68F6-484C-9582-C2FC854F44E2@microsoft.com...
> HI all
>
> I am run this simple query on sql 2008 and getting erro
>
> declare @sql as varchar(50)
>
> select @sql='select order_trn.fac_order,order_Trn.article_no from
> order_trn where order_trn.fac_order like 'N-5%''
>
> EXEC(@sql)
>
>
> Please help
> thanks
>
|
|
|
0
|
|
|
|
Reply
|
Dan
|
4/13/2010 12:06:52 PM
|
|
> I am run this simple query on sql 2008 and getting erro
Next time, tell us the exact and complete error message that you are
receiving.
|
|
|
0
|
|
|
|
Reply
|
Scott
|
4/13/2010 12:16:50 PM
|
|
Thank you very much,
"Dan Guzman" <guzmanda@nospam-online.sbcglobal.net> wrote in message
news:ABCF440B-9C4F-4B69-A6AF-9B76312DC1BB@microsoft.com...
>> select @sql='select order_trn.fac_order,order_Trn.article_no from
>> order_trn where order_trn.fac_order like 'N-5%''
>
> You need to double-up single quotes within the string:
>
> select @sql='select order_trn.fac_order,order_Trn.article_no from
> dbo.order_trn
> where order_trn.fac_order like ''N-5%'''
>
> A better method is specify a parameterized query and execute with
> sp_executesql:
>
> DECLARE
> @sql nvarchar(max),
> @fac_order varchar(10);
>
> SELECT @sql=N'select order_trn.fac_order,order_Trn.article_no from
> dbo.order_trn
> where order_trn.fac_order like @fac_order';
>
> SET @fac_order = 'N-5%';
>
> EXEC sp_executesql @sql,
> N'@fac_order varchar(10)',
> @fac_order = @fac_order;
> GO
>
> However, I see no need to use a dynamic SQL Statement at all here; a
> simple parameterized query should do the job:
>
> DECLARE
> @sql nvarchar(max),
> @fac_order varchar(10);
>
> SET @fac_order = 'N-5%';
>
> SELECT
> order_trn.fac_order,
> order_Trn.article_no
> FROM dbo.order_trn
> WHERE order_trn.fac_order LIKE @fac_order;
>
> See Erland's article on dynamic SQL at
> http://www.sommarskog.se/dynamic_sql.html for details.
>
> --
> Hope this helps.
>
> Dan Guzman
> SQL Server MVP
> http://weblogs.sqlteam.com/dang/
>
> "Capri" <NoEmail@NoDomain.com> wrote in message
> news:B7906BDD-68F6-484C-9582-C2FC854F44E2@microsoft.com...
>> HI all
>>
>> I am run this simple query on sql 2008 and getting erro
>>
>> declare @sql as varchar(50)
>>
>> select @sql='select order_trn.fac_order,order_Trn.article_no from
>> order_trn where order_trn.fac_order like 'N-5%''
>>
>> EXEC(@sql)
>>
>>
>> Please help
>> thanks
>>
|
|
|
0
|
|
|
|
Reply
|
Capri
|
4/15/2010 7:04:25 AM
|
|
|
4 Replies
170 Views
(page loaded in 0.78 seconds)
|
|
|
|
|
|
|
|
|
Search |
Post Question |
Groups |
Stream |
About |
Register
1873 articles. 
5 followers. 