December 7, 2013 at 10:30 am
hi
i have a stored proc which is used to make updates and inserts to a table passed in as a string variable.
so...
create proc myproc (@basetable as varchar(255))
as
-- update
update @baseTable
set Quantity = s.Quantity
from @baseTable p, @stageTbl s
where p.TimeKey = s.TimeKey and p.AccountId = s.AccountId and p.StockId=s.StockId
...but i get the following error: Must declare the table variable "@baseTable"
can i do this without using dynamic sql?
thanks
December 9, 2013 at 3:33 pm
No, you cannot use it like that
you are going to have to use Dynamic SQL and exec command to accomplish this type of commands
December 10, 2013 at 4:30 pm
PravB4u (12/10/2013)
DECLARE @sql varchar(max)
SET @sql = 'Update '+ @baseTable +' set Quantity = s.Quantity
from ' + @baseTable +' p , '+ @stageTbl +' s
where p.TimeKey = s.TimeKey and p.AccountId = s.AccountId and p.StockId=s.StockId'
EXEC (@sql)
Just to emphasize what John Mitchell posted above...
This is actually some of the most dangerous code in the whole world because it concatenates user input. Please do a search on SQL Injection both in Books Online and on the web.
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply