Reputation: 1
Building a WHERE clause programmatically, then passing it into SQL as a parameter
On my asp.net project, there are instances where a server side filter function in C# is building an SQL WHERE clause, then passing it into an SQL stored procedure for example,
Filter produces a string variable with a value like “WHERE Qty < 5 AND Price > 10”.
The relevant part of the Stored Procedure is like:
Exec (‘
Select Name, Location
From Users
+ ‘@passedInWhereClause’
‘)
As you can see, we have to do an EXEC command on a string built with the passed in variable containing the where clause that was generated by C# code on the server side.
I would really like a way to eliminate the EXEC and make the SQL code look more professional, instead of a giant string wrapped with an EXEC. Is there any better way to do this?
Upvotes: 0
Views: 1652
Answers (2)
Reputation: 247860
No, there is not a better way to do this, as you are building Dynamic SQL to execute.
If you want to do it better, then don't run Dynamic SQL.
The Curse and Blessings of Dynamic SQL
Upvotes: 0
Reputation: 6532
You should consider optional parameters, example
WHERE (@Type = NULL OR @Type = '' OR @Type = Type)
This allows you to pass a NULL or blank to the SP to ignore the where clause, or you pass a value to have the where clause applied.
Upvotes: 1
Related Questions
- C# and SQL dynamic where clause
- How to pass parameter in where clause?
- SQL Server : WHERE argument
- Can you only parameterize the where clause?
- Passing a WHERE clause for a Linq-to-Sql query as a parameter
- What is the correct way to form a parameterized SQL statement in C#
- Parameterize WHERE Clause in Query
- Manipulate optional parameters in the WHERE clause
- Parameterized query with dynamic where clasue
- How could I pass a parameter to a WHERE clause?