Dynamic SQL (passing table name as parameter)

by

Well, firstly you’ve omitted the ‘+’ from your string. This way of doing things is far from ideal, but you can do

DECLARE @SQL varchar(250)
SELECT @SQL = 'SELECT * FROM ' + QuoteName(@Alias)
Exec(@SQL)

I’d strongly suggest rethinking how you do this, however. Generating Dynamic SQL often leads to SQL Injection vulnerabilities as well as making it harder for SQL Server (and other DBs) to work out the best way to process your query. If you have a stored procedure that can return any table, you’re really getting virtually no benefit from it being a stored procedure in the first place as it won’t be able to do much in the way of optimizations, and you’re largely emasculating the security benefits too.

More Related Contents:

  1. SQL Server – error when creating stored procedure
  2. How can foreign key constraints be temporarily disabled using T-SQL?
  3. Insert multiple rows WITHOUT repeating the “INSERT INTO …” part of the statement?
  4. How can I escape square brackets in a LIKE clause?
  5. Does T-SQL have an aggregate function to concatenate strings? [duplicate]
  6. Parameter Sniffing (or Spoofing) in SQL Server
  7. SQL Server String or binary data would be truncated
  8. How to change identity column values programmatically?
  9. SQL Server Regular expressions in T-SQL
  10. Maximum size of a varchar(max) variable
  11. best way to convert and validate a date string
  12. Concatenating Column Values into a Comma-Separated List
  13. Hidden Features of SQL Server
  14. SQL Server 2008 Empty String vs. Space
  15. How to set a default value for an existing column
  16. Need a datetime column in SQL Server that automatically updates when the record is modified
  17. How do I find a stored procedure containing ?
  18. WHERE clause on SQL Server “Text” data type
  19. Return all possible combinations of values on columns in SQL
  20. SQL to find first non-numeric character in a string
  21. Get ROWS as COLUMNS (SQL Server dynamic PIVOT query)
  22. SQL Server 2008 – How do i return a User-Defined Table Type from a Table-Valued Function?
  23. Check if a string contains a substring in SQL Server 2005, using a stored procedure
  24. Cannot bulk load. Operating system error code 5 (Access is denied.)
  25. comparing a column to a list of values in t-sql
  26. Does query plan optimizer works well with joined/filtered table-valued functions?
  27. How to set value to variable using ‘execute’ in t-sql?
  28. Update SQL with consecutive numbering
  29. T-SQL for finding Redundant Indexes
  30. Count number of records returned by group by

Leave a Comment