WEBINAR:
On-Demand
Application Security Testing: An Integral Part of DevOps
There will be times when you need to pass a list of values as a singular parameter to an SQL Stored Procedure. Problem is: SQL doesn't support this. You will need to create a separate function to split the input (the supplied) string and then pass it to the desired Stored Procedure.
Listing 1. Create the SQL Function that allows us to split the given parameters nicely:
CREATE FUNCTION Split
(
@InputString NVARCHAR(MAX),
@Delimiter CHAR(1)
)
RETURNS @Result TABLE (
Desired NVARCHAR(1000)
)
AS
BEGIN
DECLARE @Start INT, @End INT
SET @StartIndex = 1
IF SUBSTRING(@InputString, LEN(@InputString) - 1, LEN(@InputString)) <> @Delimiter
BEGIN
SET @InputString = @InputString + @Delimiter
END
WHILE CHARINDEX(@Delimiter, @InputString) > 0
BEGIN
SET @End = CHARINDEX(@Delimiter, @InputString)
INSERT INTO @Result(Desired)
SELECT SUBSTRING(@InputString, @Start, @End - 1)
SET @InputString = SUBSTRING(@InputString, @End + 1, LEN(@InputString))
END
RETURN
END
Listing 2. Create the Stored Procedure that can accept comma separated values as one of its parameters:
CREATE PROCEDURE GetStudents
@StudentIDs VARCHAR(100)
AS
BEGIN
SELECT StudentName, StudentSurname
FROM Students
WHERE StudentID IN(
SELECT CAST(Desired AS INTEGER)
FROM dbo.Split(@StudentIDs, ',')
)
END
In the above Stored Procedure, the Function that formats the result gets called. Finally, Execute the Stored Procedure:
EXEC GetStudents '11234,11239,11568,22136'
Visit the DevX Tip Bank