How to write SQL query in Database environment, the query is parameterized eg: select * from account where accno=x x: has to be taken from an Input box

  • Interview Candidate
  • 2
  • 1542

Showing Answers 1 - 2 of 2 Answers

sway

  • Apr 18th, 2006
 

--I read somewhere about the following query.

--But this is not secure since  @tableName can be replaced by anything

CREATE PROCEDURE dbo.getTable
@tableName varchar(50)
,@fieldName varchar(20) = NULL
,@value varchar(20) = @fieldName
AS
IF @fieldName = NULL
BEGIN
EXEC ('SELECT * FROM '+ @tableName)
END
ELSE
BEGIN
EXEC ('SELECT * FROM ' + @tableName + ' WHERE ' + @fieldName + ' = "' + @value + '" ')
END
GO

  Was this answer useful?  Yes

amrita sinha

  • May 8th, 2006
 

Its very simple

write a procedure which will build a runtime SQL for you.

try this

create or replace procedure P_For_Test(PIN_ACCOUNT_NO number)

IS

strSQl varchar2(1000);

begin

strsql := ' ';

strsql := strsql ||'select * from <table name> where acc_no = ' || 

write a procedure which will build a runtime SQL for you.

try this

create or replace procedure P_For_Test(PIN_ACCOUNT_NO number)

IS

strSQl varchar2(1000);

begin

strsql := ' ';

strsql := strsql ||'select * from <table name> where acc_no = ' || PIN_ACCOUNT_NO

execute immediate strsql ;

end;

using this method u can build a runtime query and execute it . The most interesting fact is that u can run a DML statement in PL/SQL using this method.

bye

  Was this answer useful?  Yes

Give your answer:

If you think the above answer is not correct, Please select a reason and add your answer below.

 

Related Answered Questions

 

Related Open Questions