using UPDATE in SQL?

  • Can anyone help I'm trying to update a table on my SQL server, the line of code I'm using in the stored procedure is the following

     

    CREATE  PROCEDURE spSaveDaysArea  @sName as VarChar(200),@sArea as VarChar(100), @sDate1 as VarChar(20)

    AS

     

    declare @sql as varchar(5000)

    set @sql = 'update [TI Work] set [' + @sArea + ']' +' =  [' + @sName + ']  where [date1] =  ' + @sDate1 + ''

    exec (@sql)

    GO

     

    but I'm getting an invalid colomn error, any ideas?

  • The Curse and Blessings of Dynamic SQL

    Why are you using dynamic sql for this???

  • because I'm using a vairable for the field name

  • Ok, why using dynamic field names??

    Did you read the link?

  • I did actually read the link before posting my question on the forum, I couldn't see anything that could help me, I'm just starting out using an SQL server and I'm in the process of converting some of my program in VB to use this

  • k, Go back one step. What problem are you trying to solve using this sp?

  • I'm trying to update a database using VB and passing the name of the field and the data I want to put in that particular field, if that makes sence, incidently the field @sDate1  is a date/time field

  • Not the way you're doing it. You should use static sql for this.

    UPDATE dboTable set Col1 = @Param1, Col2 = @Param2 where DateKey = @DateVariable

  • I've actually got it working. At Last !!!

    here's what I used :-

     

    CREATE  PROCEDURE spSaveDaysArea  @sName as VarChar(200),@sArea as VarChar(100), @sDate1 as VarChar(100)

    AS

    declare @sql as varchar(5000)

    set @sql = 'update [TI Work] set ['+ @sArea +']' + ' =  '''+ @sName +'''  where [date1] =  ''' + @sDate1 + ''' '

    exec (@sql)

    GO

     

    Many thanks for the assistance

  • Let me rephrase what I meant this whole time in clearer terms.

    1 - You totally missed out the real point of store procs.

    2 - You're going against every best practices in the book.

    3 - Your server is now prone to sql injection attacks meaning that someone can take control of the compagny you are working for and YOU'RE RESPONSIBLE OF THAT.

    Now go read the freaking link I gave you and ask question if you don't understand how to do that update.

  • what do you mean by prone to sql injection attacks ?

  • READ THE LINK.

    The Curse and Blessings of Dynamic SQL

    and don't ever lie to me again... I'll still know it.

  • You have excellent diplomacy skills Remi! 

     

    (oh, crum...., do you think he will know I lie to him as well?) 

     

    I wasn't born stupid - I had to study.

  • hear, hear

  • Not a diplomate.

    Not gonna stand having someone blatantly lie to me and expect me to be nice about it.

Viewing 15 posts - 1 through 15 (of 32 total)

You must be logged in to reply to this topic. Login to reply