CODEWITHSUNDEEP
sqlt-sqldatestored-procedures
Pomster
Pomster

Reputation: 15197

Stored procedure to select between dates?

I am writing a stored proc to Select information, i would like it to only select between dates?

This is what it looks like now:

ALTER PROCEDURE [dbo].[AutoCompleate] 
 @DateFrom datetime,
 @DateTo datetime,
 @SearchField varchar(50)
 AS

 -- V1.0 : ShaunM : 15 jun 2012
    --  AutoComplete textbox

 exec ('
 SELECT DISTINCT ' +
 @SearchField + ' FROM SchemaAudit 
             ORDER BY ' + @SearchField +' ASC')

I want the select to run for entry's into the database between @DateTo and DateFrom, Does any one know how to do this?

Upvotes: 3

Views: 15686

Answers (4)

Nikola Markovinović
Nikola Markovinović

Reputation: 19346

Instead of exec you should be using sp_executesql which allows for use of parameters, avoiding a risk of Sql injection and avoiding potential issues with dates passed as strings. First parameter is a query, second is a list of parameters and their types and the rest are parameter values. 

alter PROCEDURE [dbo].[AutoCompleate] 
     @DateFrom datetime,
     @DateTo datetime,
     @SearchField varchar(50)
     AS

     -- V1.0 : ShaunM : 15 jun 2012
        --  AutoComplete textbox

    declare @sql nvarchar(max)
    set @sql = 'SELECT DISTINCT ' 
             + quotename(@SearchField)
             + ' FROM SchemaAudit'
             + ' WHERE [Date] between @from AND @to ORDER BY '
             + quotename(@SearchField)
             + ' ASC'

     exec sp_executesql @sql, 
                        N'@from datetime, @to datetime', 
                        @from = @DateFrom, @to = @DateTo

Now, about start and end dates, what exactly you want to do?

Upvotes: 4

Habib
Habib

Reputation: 223187

Use BETWEN

Where StartDate BETWEEN @DateFrom and @DateTo

EDIT: As Nalaka526 pointed out, I missed the EndDate, You can't use BETWEEN with two fields, You need to cast it to varchar and use >= and <= to compare between the range. Curt solution is doing that. 

 WHERE StartDate >= ' + Convert(varchar(20),@DateFrom) + 'AND EndDate >= ' + Convert(varchar(20),@DateTo) + '

Upvotes: 2

podiluska
podiluska

Reputation: 51494

Ignoring the fact that this technique could leave you vulnerable to a SQL injection attack, you need to use Convert to convert the date to a varchar

Convert(varchar(20), DateTime, 111)

Upvotes: -1

Curtis
Curtis

Reputation: 103338

You would need to CAST the date parameters as varchar:

exec ('
     SELECT DISTINCT ' +
     @SearchField + ' FROM SchemaAudit WHERE StartDate >= "' + CAST(@DateFrom as varchar(20)) + '" AND EndDate >= "' + CAST(@DateTo as varchar(20)) + '"
                 ORDER BY ' + @SearchField +' ASC')

Upvotes: 1

Related Questions