This should be simple, but...
I want to create a table in a stored proc using a variable name instead of something hard coded. I was hoping to do something like....
CREATE PROCEDURE foo
-- Add the parameters for the stored procedure here
@.TableName char = null
AS
BEGIN
SET NOCOUNT ON;
CREATE TABLE @.TableName (
[HRMONTH] [int] NULL,
[HRYEAR] [int] NULL
) ON [PRIMARY]
But no combination of names '@.'s, etc, allows me to use a variable name that I passed into the procedure. What am I missing? I will either receive a syntax error or the procedure will create a table called TableName rather than whatever TableName really stands for...
Thanks,
Tom
DECLARE @.ExecSQL NVARCHAR(300SET @.ExecSQL = "CREATE TABLE @.TableName ..."
EXECUTE @.ExecSQL @.TableName
Remember that all variables have to be NVARCHAR and not VARCHAR. Also the exact syntax might be a bit off. In hat case use this as a reference. Hope this helps.|||
>>Remember that all variables have to be NVARCHAR and not VARCHAR
This is only true for sp_executesql, exec dynamic sql works with varchar also take a look at this example
declare @.table varchar(49),@.sql varchar(500)
select @.table ='Orders2006'
select @.sql = 'create table ' + @.table + '(id int)'
exec (@.sql)
exec('insert ' + @.table + ' values(1)')
exec('select * from ' + @.table)
Denis the SQL Menace
http://sqlservercode.blogspot.com/
|||Ahh. One thing to note about the above method is that I believe it may allows for more potentials for sql injections - may not be an issue with this but with queries and etc I believe it shoudl be avoided as opposed to the other method due to these security restrictions related to sql injection/execution.|||There is always this
The Curse and Blessings of Dynamic SQL
http://www.sommarskog.se/dynamic_sql.html
It deals with the whole thing, injections, permissions etc etc
Denis the SQL Menace
http://sqlservercode.blogspot.com/
|||Thanks for the responses. This worked well, until I read the article in the previous post. So, maybe this wasn't such a hot idea...
Thanks again,
Tom
|||One way is to take below approach which doesn't require dynamic SQL:
create table _tmp (
...
)
exec sp_rename _tmp, @.name_passed_to_proc
No comments:
Post a Comment