Author |
Topic |
BruceT
Yak Posting Veteran
78 Posts |
Posted - 2012-02-07 : 13:50:43
|
Hi,
Is it true that you can't use parameters with sp_executesql and a DDL statement?
This, for example, throws an error:
exec sp_executesql N'create view dbo.v_test as select * from sometable st where st.user = @P1',N'@P1 char(18)','dba'
But this works ok:
exec sp_executesql N'create view dbo.v_test as select * from sometable st where st.user = ''dba'''
And did they do that to prevent SQL injection?
Thanks |
|
Kristen
Test
22859 Posts |
Posted - 2012-02-07 : 14:02:19
|
WHERE st.user = @P1
makes no sense for a CREATE VIEW, that's why it is not working as you have described it. |
 |
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2012-02-07 : 14:03:19
|
Views can't have parameters. Then it should be a procedure or function instead.
------------------------------------------------------------
SQL Server MVP
http://visakhm.blogspot.com/ |
 |
|
BruceT
Yak Posting Veteran
78 Posts |
Posted - 2012-02-07 : 14:10:01
|
quote: Originally posted by Kristen
WHERE st.user = @P1
makes no sense for a CREATE VIEW, that's why it is not working as you have described it.
Well, how numb was that! Duh! Brain cramp! I'm too young to have senior moments!!! This is code being generated behind the scenes by SDAC and I just wasn't seeing what was going on. Sometimes you just need to walk away and come back later! Thanks |
 |
|
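Added example, not part of any post in the thread: the "function instead" route from the answers, plus one way to build the view's DDL text when a fixed literal really is wanted. dbo.sometable, its user column and dbo.v_test come from the question; dbo.f_test and the variable names are hypothetical, and GO assumes a client such as SSMS or sqlcmd.

```sql
-- 1) A view definition cannot reference a variable or parameter, so expose
--    the filter through an inline table-valued function (hypothetical name).
--    USER is a reserved word in T-SQL, hence the brackets around the column.
CREATE FUNCTION dbo.f_test (@user char(18))
RETURNS TABLE
AS
RETURN
(
    SELECT st.*
    FROM dbo.sometable AS st
    WHERE st.[user] = @user
);
GO

-- Parameters bind normally here because the statement is a query, not DDL.
-- The value travels as data and is never parsed as SQL text.
EXEC sp_executesql
    N'SELECT * FROM dbo.f_test(@P1);',
    N'@P1 char(18)',
    @P1 = 'dba';
GO

-- 2) If the view must carry a baked-in literal, the value has to become part
--    of the DDL string. QUOTENAME with a single-quote delimiter wraps the
--    value in quotes and doubles any embedded quote, so it stays a literal.
--    QUOTENAME returns NULL for input longer than 128 characters; check for
--    that instead of executing a NULL statement.
DECLARE @user varchar(18) = 'dba';   -- constructed sample value
DECLARE @literal nvarchar(258) = QUOTENAME(@user, '''');

IF @literal IS NULL
    THROW 50000, 'Value too long to quote safely.', 1;

DECLARE @sql nvarchar(max) =
    N'CREATE VIEW dbo.v_test AS
      SELECT st.*
      FROM dbo.sometable AS st
      WHERE st.[user] = ' + @literal + N';';

EXEC sp_executesql @sql;
GO
```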