Creating a dynamic where clause in SQL Server stored procedure - sql-server-2008

I am trying to create a stored that will accept two values, a column name and a value. It will then check if there is a record that exists for the passed in column name with the passed in value. I've tried the following
CREATE PROCEDURE p_HasActiveReference
#pi_colName varchar(100)
,#pi_colValue varchar(100)
AS
BEGIN
SET NOCOUNT ON
declare #sql varchar(1000)
set #sql = 'IF EXISTS(SELECT TOP 1 p.PaymentId
FROM Payments p
WHERE ' + #pi_colName + ' = ' + #pi_colValue + 'AND Active = 1)
SELECT ''True'' AS RETVAL
ELSE
SELECT ''False'' AS RETVAL'
exec(#sql)
END
However, I always get this error
Conversion failed when converting the varchar value 'InternalOr' to data type int.
When I call the procedure with the following
p_HasActiveReference 'InternalOrgCode', '10110'
The internalOrgCode column is of value varchar(10)
I am not a SQL expert, so I am not even sure if what I need to achieve is even possible using that technique!
Thanks!

At least one issue: you should be surrounding your string value with single quotes, and to escape those inside a string you need to double them up:
WHERE ' + #pi_colName + ' = ''' + #pi_colValue + ''' AND ...
You also may want to declare your #sql variable as something bigger than 100 characters! Looks like your string is getting truncated.
If the possible values for #pi_colName are finite, the data type is always string, and the columns are collation compatible, you could do something like this and avoid dynamic SQL:
SELECT ...
WHERE CASE #pi_colName
WHEN 'col1' THEN col1
WHEN 'col2' THEN col2
END = #pi_ColValue;

Related

want to Write a Stored Procedure in MYSQL [duplicate]

I have made a stored procedure. I want it to filter the data by different parameters. If I pass one parameter, it should be filtered by one; if I pass two, it should be filtered by two, and so on, but it is not working.
Can anyone help me please?
DROP PROCEDURE IF EXISTS medatabase.SP_rptProvince2;
CREATE PROCEDURE medatabase.`SP_rptProvince2`(
IN e_Region VARCHAR(45)
)
BEGIN
DECLARE strQuery VARCHAR(1024);
DECLARE stmtp VARCHAR(1024);
SET #strQuery = CONCAT('SELECT * FROM alldata where 1=1');
IF e_region IS NOT NULL THEN
SET #strQuery = CONCAT(#strQuery, ' AND (regionName)'=e_Region);
END IF;
PREPARE stmtp FROM #strQuery;
EXECUTE stmtp;
END;
AFAIK, you can't have a variable argument list like that. You can do one of a couple of things:
Take a fixed maximum number of parameters, and check them for null-ness before concatenating:
CREATE PROCEDURE SP_rptProvince2(a1 VARCHAR(45), a2 VARCHAR(45), ...)
...
IF a1 IS NOT NULL THEN
SET #strQuery = CONCAT(#strQuery, ' AND ', a2);
END IF;
If you need predetermined fields to which the criteria in the argument apply (like the e_Region parameter in your existing code), then you modify the CONCAT operation appropriately.
Possible invocation:
CALL SP_rptProvince2('''North''', 'column3 = ''South''')
Take a single parameter that is much bigger than just 45 characters, and simply append it to the query (assuming it is not null).
Clearly, this places the onus on the user to provide the correct SQL code.
Possible invocation:
CALL SP_rptProvince2('RegionName = ''North'' AND column3 = ''South''')
There's not a lot to choose between the two. Either can be made to work; neither is entirely satisfactory.
You might note that there was a need to protect the strings in the arguments with extra quotes; that is the sort of thing that makes this problematic.
I found a JSON-based approach which works with the latest MySQL/MariaDB systems. Check the link below (Original Author is Federico Razzoli): https://federico-razzoli.com/variable-number-of-parameters-and-optional-parameters-in-mysql-mariadb-procedures
Basically, you take a BLOB parameter which is actually a JSON object and then do JSON_UNQUOTE(JSON_EXTRACT(json object, key)) as appropriate.
Lifted an extract here:
CREATE FUNCTION table_exists(params BLOB)
RETURNS BOOL
NOT DETERMINISTIC
READS SQL DATA
COMMENT '
Return whether a table exists.
Parameters must be passed in a JSON document:
* schema (optional). : Schema that could contain the table.
By default, the schema containing this procedure.
* table : Name of the table to check.
'
BEGIN
DECLARE v_table VARCHAR(64)
DEFAULT JSON_UNQUOTE(JSON_EXTRACT(params, '$.table'));
DECLARE v_schema VARCHAR(64)
DEFAULT JSON_UNQUOTE(JSON_EXTRACT(params, '$.schema'));
IF v_schema IS NULL THEN
RETURN EXISTS (
SELECT TABLE_NAME
FROM information_schema.TABLES
WHERE
TABLE_SCHEMA = SCHEMA()
AND TABLE_NAME = v_table
);
ELSE
RETURN EXISTS (
SELECT TABLE_NAME
FROM information_schema.TABLES
WHERE
TABLE_SCHEMA = v_schema
AND TABLE_NAME = v_table
);
END IF;
END;

Stored procedure to replace certain variables in string

I'm working on a stored procedure that will accept a string and return a new string of text. Input parameters are #OrderId and #OrderText which is a string with dollar sign enclosed variables like so... $Order Name$ sent to $Customer$
The valid variables are in a Variables table (values such as Order Name, Customer, a total of 25 of them which should remain fairly static). Variables can only be used once in the string.
The stored procedure needs to return the string but with the variables replaced with their respective values.
Example1
Input: 123, $Order Name$ sent to $Customer$
Returns: Toolkit sent to StackCustomer Inc.
Example2
Input: 456, $Customer$ requests $delivery method$ for $order type$
Returns: ABC Inc requests fast shipping for pallet orders.
Each of the variables can be retrieved using a function.
DECLARE #OrderId int = 123
DECLARE #InputText VARCHAR(500) = '$Order Name$ sent to $Customer$'
select
#InputText = case when #InputText like '%$order name$%'
then replace(#InputText, '$Order Name$', getOrderName(id) else '' end,
#InputText = case when #InputText like '%$customer$'
then replace(#InputText, '$Customer$', getCustomer(id) else '' end
-- repeat 25 times
Is there a better way? My main concern is maintainability - if a variable is added, renamed, or removed, this stored proc will need to be changed (although I'm told it would only happen a couple times a year, if that). Would dynamic sql be able to help in this case?
Personally, I would create a keywords table to maintain it. something like this
CREATE TABLE [keywords] (
key_value VARCHAR(100) NOT NULL,
function_value VARCHAR(100) NOT NULL
)
INSERT INTO [keywords]
VALUES
('$Customer$','getCustomer(id)'),
('$Order Name$' ,'getOrderName(id)'),
('$order type$','getOrderType(id)')
Then use dynamic sql create REPLACE SQL
DECLARE #OrderId int = 123
DECLARE #InputText VARCHAR(500) = '$Order Name$ sent to $Customer$'
DECLARE #sql VARCHAR(8000) = 'SELECT '
SELECT
#sql = #sql +
' #InputText = replace(#InputText, ''' + key_value + ''', ' + function_value + ')'
+ ' ,'
FROM keywords
WHERE #InputText LIKE '%' + key_value + '%'
SELECT #sql = LEFT(#sql, LEN(#sql) -1)
PRINT #sql
EXEC(#sql)
SQLFiddle
I am not really getting why you need to do tokenization if you are going to use input variables for the procedure.
There are token templates already available for SQL Management Studio in the form of:
<(tokenName),(datatype),(defaultvalue)>
You can get their data filled directly with SQL Managment Studio with CTRL + SHIFT + M, or with ALT > Q > S in 2012, or by text finding their values in an environment.
If you are trying to put in an input to be accessed by an outside developing platform that changes the strings like ADO.NET or the Entity Framework in C#/VB.NET I still am not getting why you would not just make more input variables.
You could do this quite easily:
Declare #OrderPlace varchar(128), #Customer varchar(64), #StringCombine varchar(512);
Select
#OrderPlace = 'Place I am at'
, #Customer = 'Mr Customer';
Select #StringCombine = #Customer + ' order at ' + #OrderPlace
Then if a different language accessed your SQL server procedure it would just have to put in two parameters #Customer and #OrderPlace. You could even set #StringCombine to be an output variable. This is much more preferable then text replacing characters and then running a string. This could be able for SQL injection attacks potentially so santizing your inputs is a big part of returning data, especially if you are altering something for SQL to run before it is ran.
You mentioned maintainability and this is much more robust because if I change the logic to the proc but DO NOT change the variables names, I did not have to change anything else. If I have to change an ADO.NET or other library for references and then SQL code, that is lot more work. Generally when working with tokens I strive for reuse of code where one part of it can go down and only hurt that part of it, not take the whole thing down.

MySQL Dynamic Table issue

Every month we get a CSV file that contains 300+ columns. The layout of the file can change whenever, and columns can be added/removed. I'm in need of a way to create a dynamic table that contains the exact number of columns needed. I don't care about column names, they can be Column1, Column2, etc.. and I plan to set all types to Varchar(500).
Ideally what I would I want to accomplish is a stored procedure that I can simply pass in the number of columns needed and it will loop to create the necessary Table Definition sql and then execute that sql.
Is accomplishing this even possible? I had started to write the following:
BEGIN
Declare loopvar int default 1;
Declare tsql VarChar(5000);
Declare table_definition VarChar(8000);
Declare tablename varchar(20);
Set table_definition = 'Column';
set tablename = 'npi_data';
Set loopvar = 1;
While loopVar < 362 DO
set tsql = table_definition + loopvar + 'varchar(500) DEFAULT NULL' ;
set loopvar = loopvar + 1;
end while;
set tsql = 'CREATE TABLE' + tablename + '(' + tsql + ') ENGINE=InnoDB DEFAULT CHARSET=utf8';
execute tsql;
END;
I'd like something close to that but all I really need is the ability to create a table with any given number of columns.
Thanks!
If you mean you want to be able to pass a list of column names, like 'A,B,C', and use it to generate a list of column definitions, like A varchar(500) DEFAULT NULL,B varchar(500) DEFAULT NULL,C varchar(500) DEFAULT NULL and, eventually, a CREATE TABLE statement with that definition list, you could use an approach like this:
...
SET columnnames = 'A,B,C';
SET sql = CONCAT(
REPLACE(columnnames, ',', ' varchar(500) DEFAULT NULL,'),
' varchar(500) DEFAULT NULL'
);
SET sql = CONCAT('CREATE TABLE ', tablename, ' (', sql, ')');
...
That is, every comma in the name list is expanded so as to complete the definition of the column preceding the comma. As the last item isn't followed by a comma, the type is simply concatenated one more time to the result of REPLACE.
Alternatively, to avoid the repetition of the varchar(500) DEFAULT NULL bit, you could do this:
...
SET columnnames = 'A,B,C';
SET sql = REPLACE(CONCAT(columnnames, ','), ',', ' varchar(500) DEFAULT NULL,');
SET sql = LEFT(sql, LENGTH(sql) - 1);
SET sql = CONCAT('CREATE TABLE ', tablename, ' (', sql, ')');
...
In this case, a comma is added after the last name, then all commas in the resulting string are replaced like in the previous examples. As a final touch to the list, the trailing comma is removed and finally the complete statement is built.
Either way, no loop is needed.

Entity Framework no columns from simple query

I have the following stored procedure:
SET ANSI_NULLS ON
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[GetData]
#taskName VARCHAR(205) = NULL
AS
BEGIN
SELECT *
FROM [dbo].[Table] WITH (NOLOCK)
WHERE #taskName IS NULL
OR #taskName = ''
OR Name LIKE '%' + #taskName + '%'
ORDER BY Name
END
Now I created an File.edmx generated model, selected the GetData stored procedure, when I do a function import and I get "Get Column Information", it says
The selected stored procedure returns no columns
I am dbo_owner on the database and it is my user that is in the app.config on generation, and I am even storing the password in app.config (temporarily), when I run the procedure from Management Studio, it shows the columns..
I'm puzzled!
You need to specify the field names in your select statement rather than just using the *
try
ALTER PROCEDURE [dbo].[GetData]
#taskName VARCHAR(205) = NULL
AS
BEGIN
exec ('SELECT * FROM [dbo].[Table] WITH (NOLOCK) WHERE ' + #taskName + 'IS NULL OR ' + #taskName + ' = \'\' OR Name LIKE \'%' + #taskName + '%\' ORDER BY Name')
END
GO
I would try the same process but using only
SELECT *
FROM [dbo].[Table] WITH (NOLOCK)
instead of the full query. Then you can alter your proc to add the where.
Sometimes EF has problems identifying the return columns due to the were clause

Why is this error of convertion type SQL Server 2008

I create a table like
CREATE TABLE #tab(ID INT,Value FLOAT)
inside a loop (#n is counter)I insert elements dynamicaly:
SET #sql = 'INSERT #tab(ID,Value) SELECT '+#n+', SUM('+#x+'*'+#y+') FROM '+ #table_name;
when attempt to execute this:
Conversion failed when converting the varchar value 'INSERT #tab (ID,Value) SELECT ' to data type int.
I don't understand why it says convertion, as id is defined as INT.
How do you fix this query?
You can use the CAST function.
'SELECT '+ CAST(#n AS VARCHAR) +', SUM('+#x+'*'+#y+') FROM '
The error happened because you try to join a CHAR with a INT. The CHAR in this case is the 'SELECT ' string.