passing string as a table type from c# code in to stored procedure

Question

I want to pass a table as a string into stored procedure as a parameter and want to retrieve data from that particular table for eg I have made some tables which is year wised like purchase20162017,transfer20162017. so problem is this i have created a dropdown box in which i have shown the years list like 2016-2017,2017-2018,2018-2019 user select the year from the dropdown box and click a button called generate ledger button. so i take a string from this dropdown box like this

string str = DropDownList1.SelectedItem.ToString();
str = str.Replace(@"-", "");
string purdtb = "purchase" + str;

now i have got exact table in purdtb but it is in string, i want to pass this string value as a parameter in stored procedure. Please tell me how to do this so that i can convert this string as a table name.

Answer 1

There are 2 ways.

A) The best one is:

string connectionString =
        ConsoleApplication1.Properties.Settings.Default.ConnectionString;
    //
    // In a using statement, acquire the SqlConnection as a resource.
    //
    using (SqlConnection con = new SqlConnection(connectionString))
    {
        //
        // Open the SqlConnection.
        //
        con.Open();
        //
        // The following code uses an SqlCommand based on the SqlConnection.
        //
        using (SqlCommand command = new SqlCommand("SELECT TOP 2 * FROM Dogs1", con))
        using (SqlDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                Console.WriteLine("{0} {1} {2}",
                    reader.GetInt32(0), reader.GetString(1), reader.GetString(2));
            }
        }
    }

In Dogs1 put your table, use variables to modify the query via code. Why you want to put dynamic table names which is pretty awkward in you stored procedures when you can manage everything from the code with a variable?

B) The second way (not good but works):

Use in your stored procedure sp_executesql , pass the table names as parameters and build the query inside the stored procedure as shown in the documentation and catch the result.

This way you can build the query piece by piece and put in it everything you want (except for SQL reserved keyword, with which you should be careful anyway).

declare @SqlString nvarchar(2000)
declare @ParamDef nvarchar(2000)

set @SqlString = N'exec proc1 @param1, @param2, @param3'

set @ParamDef = N'@param1 bit, @param2 bit, @param3 bit'

EXECUTE sp_executesql @SqlString ,@ParamDef, @param1 = 0, @param2 = 1, @param3 = 1

To explain, sp_executesql works something like this

EXECUTE sp_executesql
   N'proc1',                                 -- SQL
   N'@param1 bit, @param2 bit, @param3 bit', -- DECLARE
   @param1 = 0, @param2 = 1, @param3 = 1     -- VALUES

Which gets translated to

EXECUTE sp_executesql
   N'proc1',                                 -- SQL
   N'@param1 bit, @param2 bit, @param3 bit', -- DECLARE
   @param1 = 0, @param2 = 1, @param3 = 1     -- VALUES

-- DECLARE
  declare @param1 bit, @param2 bit, @param3 bit
-- VALUES
  select @param1 = 0, @param2 = 1, @param3 = 1
-- SQL
  proc1

3) Worst scenario:

Calling sp_executesql from C# code via Sqlcommand