Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2005-11-09 : 07:09:11
|
| Big Sam writes "I want to create a stored procedure for an ASP.net application. The problem is that the Where & Order By clauses need to be built in the stored procedure or the asp.net application. Essentially the end users will have the ability to search for customers based on any combination of name, city, state or zip. Additionally, the users can include wild cards (*) so that the Where clause will use Like criteria. Finally, they can sort on any of the search fields, whether they searched by it or not.I can easily build a SQL statement in the ASP.net application & execute it. I'd rather not have too many stored procedures that can accommodate all of the possible combination of values.Is this one of those instances where I'm better off not using a stored procedure? Should I build the SQL statement in the procedure & then do an Exec(statement)? If not, how do I write one that will work (I haven't figured out how to pass a Where or Order By clause to a procedure)?Thanks,Big Sam" |
|
|
rajanvarghese
Starting Member
2 Posts |
Posted - 2005-11-09 : 16:45:07
|
| You can pass the query itself as the input parameter from the dot netfor eg :create procedure sp_sort in@strSql varchar(2000)exec @strsql-----------------------you can execute this procedure from dotnet asexecute sp_sort 'Select * from pubs order by text'However, this is not recommended on security aspectsRajan Varghese |
 |
|
|
|
|
|
stored procedure dilemma