SQL Stored Procedure with column name as variable
Question
I really think this is a simple fix, but I didn't find any solution on the Internet (at least none I could understand).
I have this stored procedure:
ALTER PROC [dbo].[GetCard](
@Input varchar(50),
@Input2 varchar(50)
)
AS
SELECT * FROM Main WHERE @Input = @Input2;
But when I go:
GetCard 'CardName', 'Text';
SQL doesn't quite understand that @Input is a column. What do I have to change? Does it need any special syntax?
3 answers
solution1
2 2020-05-20 17:23:43
Build your query string like so (think I've got the single quotes right), and execute it:
SET @qString = 'SELECT * FROM MAIN WHERE ' + QuoteName(@Input) + ' = ''' + @Input2 + ''''
exec(@qString)
As Roman pointed out, be exceedingly careful with dynamic sql. Read up on SQL injection.
solution2
2 ACCPTED 2020-05-20 17:31:58
It is better to use dymamic SQL as Andrew or Roman Czerwinski recommended. But if you don't want to use dynamic SQL then you can use this logic:
ALTER PROC [dbo].[GetCard](
@Input varchar(50),
@Input2 varchar(50)
)
AS
SELECT *
FROM Main
WHERE CardName = case when @Input = 'CardName' then @Input2 else CardName end
and OtherColumn = case when @Input = 'OtherColumn' then @Input2 else OtherColumn end
--etc...
solution3
0 2020-05-20 17:13:15
In your code sample there is no column or parameter or variable with the name @Input1.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.