开发者

How do I pass a column as a parameter in Stored Procedure?

问答 作者:

How do I pass and use the column name to retrieve a bigint variable in开发者_运维问答 the actual column?

DECLARE @personID BIGINT,
DECLARE @queryString varchar(500)

Set @queryString = 'Select @personID = ' + @PersonColumnID + ' from dbo.Loss_Witness where WitnessID = @witnessID'
exec(@queryString)

Error message states "Must declare variable '@personID'." I also tried 

Set @queryString = 'Select ' + @personID + ' = ' + @witnessPersonID + ' from dbo.Loss_Witness where WitnessID = @witnessID'

And got the error message "Error converting data type varchar to bigint."

Any thoughts?

You need to specify that @personID is an out parameter with the OUTPUT keyword:

DECLARE @SQL NVARCHAR(max)
    SET @SQL = 'SELECT @personID = w.' + @PersonColumnID + ' 
                  FROM dbo.Loss_Witness w
                 WHERE w.witnessID = @witnessID '

BEGIN 

  EXEC sp_executesql @SQL, @personID = @personID OUTPUT, @witnessID

END

There's another example here.

Also note that there is potentially an SQL Injection security hole in your code. If you're not sanitizing @PersonColumnID then you could be in big trouble.

继续阅读:dynamic-sqlsqlsql-serversql-server-2005tsql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9