November 17, 2013 at 4:25 pm
Hi Professionals
I am trying to write a variable with column headings to a text file but it does not seem to be working and I am not sure where I am going wrong.
It creates a file called file.txtsoftwaremanufacturer and inside the file is the rest of the parameter 'productname','productversion','licensable'
here is my code
alter procedure [dbo].[extractnewheadings]
@importedquery nvarchar(1000)
as
begin
Declare @sCmd varchar(256)
--set @importedquery = REPLACE(@importedquery,',', ''',''' );
--print @importedquery
SET @sCmd = 'echo > C:\inetpub\wwwroot\cleansed\file.txt' + @importedquery + ''
exec master..xp_cmdshell @sCmd, no_output
end
exec extractnewheadings 'softwaremanufacturer,productname,productversion,licensable'
November 17, 2013 at 9:55 pm
Try this for your command...
SET @sCmd = 'echo ' + @importedquery + ' > "C:\inetpub\wwwroot\cleansed\file.txt"'
Also, you should check any such concatenated variables for "DOS Injection" just like you would for "SQL Injection".
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply