I know you said no dynamic SQL
, but I don’t see any way to do it in straight SQL
.
If you check out my answers to similar problems at Pivot Table and Concatenate Columns and PIVOT in sql 2005
The dynamic SQL
there is not vulnerable to injection, and there is no good reason to prohibit it. Another possibility (if the data is changing very infrequently) is to do code-generation – instead of dynamic SQL
, the SQL
is generated to a stored procedure on a regular basis.