user384080
Reputation: 4692
how to solve parameter in sp_executesql
I have the following query:
create proc [dbo].GetCustById
as
DECLARE @sql nvarchar(500)
DECLARE @Param nvarchar(200)
SET @sql = 'select @columnName from customer where custId = @custId'
SET @Param = N'@columnName varchar(10), @custId int'
EXEC sp_executesql @sql, @Param , @columnName = 'Address1', @custId = '42'
But it always return a string "Address1" instead of the value of Address1 column. Anyone can help?
thanks
Upvotes: 1
Views: 2190
Answers (1)
OMG Ponies
Reputation: 332531
A parameter is immediately escaped based on the data type--that's why you're getting the value "Address1" returned rather than the actual value for the column.
Submit the column name not as a parameter, but as a concatenated string:
DECLARE @sql nvarchar(500)
DECLARE @Param nvarchar(200)
SET @sql = 'select '+ @columnName +' from customer where custId = @custId'
SET @Param = N'@custId int'
EXEC sp_executesql @sql, @Param , @custId = 42
Read more about the behavior here.
The only other alternative I'm aware of requires that you use decision logic to redirect to a query where the column name is statically defined:
IF @columname = 'Address1'
BEGIN
SET @sql = 'select Address1 from customer where custId = @custId'
END
Upvotes: 2
Related Questions
- Cannot pass column name as parameter to sp_executesql
- T-SQL: How to use parameters in dynamic SQL?
- variables in sp_executesql
- Passing parameters into sp_executesql
- Dynamic Query does not work
- sp_ExecuteSql: The parameterized query expects the parameter @XX, which was not supplied
- Dynamic SQL is correct, but SP_EXECUTESQL will not execute it?
- sp_executesql with parameters syntax error
- Problem with parameters passing in dynamic t-sql
- Dynamic SQL sp_executesql problem