How do I pass input parameters to sp_executesql?

sql sql-server tsql stored-procedures dynamic-sql
14,054

Instead of

EXEC [dbo].[sp_executesql] @dynamicCode;

Use

EXECUTE sp_executesql @dynamicCode, 
N'@desde char(8), @hasta char(8)',
@desde = @desde, @hasta = @hasta;

You have to define the parameters you used in the dynamic query like@desde and @hasta

Please refer sp_executesql

Else You can concat the values of @desde, @hasta to the dynamic query, like

'....FECHA_DCTO >= ' + @desde +
'AND FECHA_DCTO <= ' + @hasta +
'GROUP BY ....'
Share:
14,054
quelquecosa
Author by

quelquecosa

making moves in sunny miami, fl [email protected]

Updated on June 12, 2022

Comments

  • quelquecosa
    quelquecosa almost 2 years

    In SQL Server 2014, I am trying to create a dynamic WHERE clause.

    I have built the query as a string, but when I try to execute it with sp_executesql, I get the following error: Líne 13 You must declare the scalar variable "@desde".

    I can't figure out how to get sp_executesql to recognize the input parameters.

    ALTER PROCEDURE [dbo].[seleccionarFacturas] 
    -- Add the parameters for the stored procedure here
    @desde char(8) = null, 
    @hasta char(8) = null,
    @minimo int = null,
    @ciudad int = null
AS
BEGIN
    -- SET NOCOUNT ON added to prevent extra result sets from
    -- interfering with SELECT statements.
    SET NOCOUNT ON;
    DECLARE @tiendas varchar(max);

    DECLARE @tablaFacturas TABLE
    (
        fecha char(8), 
        CO char(8),
        consecutivo varchar(max),
        nombreCliente varchar(max),
        ventaTotal int
    );

    SET @tiendas='(ID_CO=20 OR ID_CO=22 OR ID_CO=23 OR ID_CO=27 OR ID_CO=35 OR ID_CO=39 OR ID_CO=45 OR ID_CO=48 OR ID_CO=55 OR ID_CO=58)';

    DECLARE @dynamicCode nvarchar(max)=
    N'
    SELECT
        FECHA_DCTO,
        ID_CO,
        DETALLE_DOC,
        NOM_CLI_CONTADO,
        (SUM(TOT_VENTA)) AS ventaTotal
    FROM 
        moda.dbo.CMMOVIMIENTO_VENTAS
    WHERE'
        + @tiendas +
        N' AND FECHA_DCTO >= @desde
        AND FECHA_DCTO <= @hasta
    GROUP BY  
        DETALLE_DOC, ID_CO, FECHA_DCTO, NOM_CLI_CONTADO';

    INSERT INTO @tablaFacturas
    EXEC [dbo].[sp_executesql] @dynamicCode;

    SELECT * FROM @tablaFacturas
  • Jack
    Jack over 7 years
    the concatenation one might be injected. I'd highly suggest to use the first option, where dynamic code is something like => 'field=@par_field ...'

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

SQL Server stored procedure to export Select Result to CSV
SQL Column name or number of supplied values does not match table definition
TSQL-ORDER BY clause in a CTE expression?
SQL Server stored procedure select top 1 and update in one statement?
Stored procedure that exports data into csv files only exports to one file
Can we pass database name in a SQL query as parameter?
Execute a stored procedure in another database with params
sp_MSforeachtable to execute procedure on each table
Using CASE Statement in Stored Procedure
Create a temporary table like a current table in SQL Server 2005/2008