
Tip of the Day
Language: Enterprise
Expertise: Beginner
Feb 20, 2002




Dynamic SQL Queries in a Stored Procedure

Dynamic SQL queries allow users to create statements on the fly using parameters or variables. The EXECUTE (EXEC) statement is used to implement dynamic SQL solutions in a stored procedure. The statement accepts both character strings and variables as its argument. In addition, users can concatenate multiple variables to produce a single statement.

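For example, to get all of the records from a movies table, you would normally first use a static SQL statement:
-- Static SQL in the procedure body
CREATE PROC [my_movies]
AS
SELECT * FROM movies

-- The same fixed statement passed to EXEC as a literal string
CREATE PROC [my_movies]
AS
EXEC('SELECT * FROM movies')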

However, the statements above could be replaced by stored procedures that use dynamic SQL:
-- The statement is held in a variable and then executed
CREATE PROC [my_movies]
AS
DECLARE @sqlString varchar(100)
SET @sqlString = 'SELECT * FROM movies'
EXEC(@sqlString)

-- The statement is assembled from two variables at run time
CREATE PROC [my_movies]
AS
DECLARE @sqlString1 varchar(100)
DECLARE @sqlString2 varchar(100)
SET @sqlString1 = 'SELECT * FROM '
SET @sqlString2 = 'movies'
EXEC(@sqlString1 + @sqlString2)
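
The procedures above concatenate fixed strings; once any part of the string comes from a caller, the concatenated text is parsed as SQL rather than treated as data. The following added example (not part of the original tip) contrasts that pattern with a parameterized form using sp_executesql and QUOTENAME. The procedure names, the @tableName and @title parameters, the title column and the dbo schema are assumptions, and sys.tables requires SQL Server 2005 or later.

```sql
-- Added example; all object and parameter names here are hypothetical.

-- Risky: caller-supplied text becomes part of the statement itself,
-- so whatever it contains is parsed and executed as SQL.
CREATE PROC [my_movies_concat]
    @tableName sysname,
    @title     nvarchar(100)
AS
    DECLARE @sqlString nvarchar(400)
    SET @sqlString = N'SELECT * FROM ' + @tableName
                   + N' WHERE title = ''' + @title + N''''
    EXEC(@sqlString)
GO

-- Hardened: the identifier is checked against the catalog and quoted,
-- and the value travels as a typed parameter, never as statement text.
CREATE PROC [my_movies_safe]
    @tableName sysname,
    @title     nvarchar(100)
AS
    SET NOCOUNT ON
    DECLARE @sqlString nvarchar(400)
    DECLARE @safeName  sysname

    -- Identifiers cannot be passed as parameters, so accept only a name
    -- that already exists as a table in the dbo schema. A fixed
    -- allow-list of table names is tighter still.
    SELECT @safeName = name
    FROM sys.tables
    WHERE name = @tableName
      AND schema_id = SCHEMA_ID('dbo')

    IF @safeName IS NULL
    BEGIN
        RAISERROR('Unknown table.', 16, 1)
        RETURN
    END

    -- QUOTENAME wraps the name in brackets and escapes any ] inside it.
    SET @sqlString = N'SELECT * FROM dbo.' + QUOTENAME(@safeName)
                   + N' WHERE title = @title'

    -- @title is bound at execution time; its content is never parsed as SQL.
    EXEC sp_executesql @sqlString, N'@title nvarchar(100)', @title = @title
GO
```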

Dynamic SQL queries are useful in many situations, but remember that the SQL Query Analyzer does not always optimize them. That's why you should use them only when required.
Manish Vashistha