Why shouldn't I use dynamic SQL? What is the alternative?!!

Question

Why shouldn't I use dynamic SQL? What is the alternative?!!

gregory.perry2

SSChasing Mays

Points: 638
More actions
November 15, 2011 at 10:46 am

#247814

I have a stored procedure that has table name as one of it's parameters and I want to be able to execute a select statement using a string variable with the table name.
Here is a bit of my code
--Here is the call
EXEC spGetHeader 'DP5116', 2
--Here's the Procedure
CREATE PROCEDURE [dbo].[spGETHEADER_New2]
(@ATTUID VARCHAR(10),
@MonthNum int
)
AS
DECLARE @VPATTUID VARCHAR(10)
DECLARE @SQL1 VARCHAR(1000)
DECLARE @MonthVar VARCHAR(20)
-- Insert statements for procedure here
SET @MonthVar = (Select tblName from dbo.tbl_CDE_MultiMonth WHERE tblIndex = @MonthNum)
SET @SQL1 = '(SELECT VP_ATTUID FROM ' + @MonthVar + ' WHERE ATTUID = ''' + @ATTUID + ''')'
SET @VPATTUID = EXEC(@SQL1)
When I run this code I get the following error:
"Incorrect syntax near the keyword 'EXEC'."
Can anyone tell me what I'm doing wrong? Everything that I've been reading tells me that Dynamic SQL is a bad idea, but what's the alternative?
Thanks for any help from this forum,
Greg

Viewing 9 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply

Evil Kraig F SSC Guru Points: 100851 More actions · Answer 1

For your first question, the reason to avoid dynamic sql is twofold. First is security, dynamic SQL is ripe for risk if you don't handle it properly. The second is cache and plan optimization and using enforced parameterization to help deal with constant recompiles.

For the second question...

You can't use EXEC that way, as the right side of an equation. You'll need to use sp_executeSQL and use output parameters.

- Craig Farrell

Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.

For better assistance in answering your questions[/url] | Forum Netiquette
For index/tuning help, follow these directions.[/url] |Tally Tables[/url]
Twitter: @AnyWayDBA

gregory.perry2 SSChasing Mays Points: 638 More actions · Answer 2

Ok, I have seen some samples of this method. But do you know a better way for me to approach this other than using Dynamic SQL?

Lowell SSC Guru Points: 323518 More actions · Answer 3

how many values are in dbo.tbl_CDE_MultiMonth, which is where you were gettting the tablenames from?

Lowell

--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

gregory.perry2 SSChasing Mays Points: 638 More actions · Answer 4

18 records (One entry form each month going back 18 months).

Lowell SSC Guru Points: 323518 More actions · Answer 5

well, i would consider creating a view that pulls all 18 tables together...

then the proc can select directly from the view and contine from there.

depedning on what you are doing with the @VPATTUID variable in the rest of the procedure,, a CTE might be better.

CREATE VIEW dbo.vw_CDE_MultiMonth

AS

SELECT 1 AS MonthVar,ColumnList From tblName1 UNION ALL

SELECT 2 AS MonthVar,ColumnList From tblName2 UNION ALL

--...

SELECT 18 AS MonthVar,ColumnList From tblName18

GO

CREATE PROCEDURE [dbo].[spGETHEADER_New2]

( @ATTUID VARCHAR(10),

@MonthNum int

)

AS

DECLARE @VPATTUID VARCHAR(10)

SELECT @VPATTUID = VP_ATTUID

FROM dbo.vw_CDE_MultiMonth

WHERE MonthNum=@MonthNum

AND ATTUID = @ATTUID

--continue the rest of the processing

Lowell

--help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

Evil Kraig F SSC Guru Points: 100851 More actions · Answer 6

Lowell (11/15/2011)
well, i would consider creating a view that pulls all 18 tables together...
then the proc can select directly from the view and contine from there.

Good call Lowell, I hadn't realized this was basically a partitioned view. Didn't read that far into it, nice catch.

Check out this link: http://msdn.microsoft.com/en-us/library/ms190019.aspx

- Craig Farrell

Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.

For better assistance in answering your questions[/url] | Forum Netiquette
For index/tuning help, follow these directions.[/url] |Tally Tables[/url]
Twitter: @AnyWayDBA

gregory.perry2 SSChasing Mays Points: 638 More actions · Answer 7

You guys are Awesome!! Thanks for the suggestions, I will re work my stored procedure this way and use this technique going forward.

I really appreciate the help!!:cool:

Evil Kraig F SSC Guru Points: 100851 More actions · Answer 8

gregory.perry2 (11/15/2011)
You guys are Awesome!! Thanks for the suggestions, I will re work my stored procedure this way and use this technique going forward.
I really appreciate the help!!:cool:

No problem, and it's our pleasure. C'mon back when you reach head-desk levels with partitioned views and crappy execution plans. It can take a few times to really get it depending on how complex you make it, so don't feel bad about asking questions.

... and remember to enforce constraints on the base tables so you can kill one of the usual worst offenders right out of the gate.

- Craig Farrell

Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.

For better assistance in answering your questions[/url] | Forum Netiquette
For index/tuning help, follow these directions.[/url] |Tally Tables[/url]
Twitter: @AnyWayDBA