Parameterized OLEDB source query

ssis bids
71,064

Solution 1

Simple. Choose SQL command as the Data Access Mode. Enter your query with a question mark as a parameter placeholder. Then click the Parameters button and map your variable to Parameter0 in the Set Query Parameters dialog:

enter image description here

More information is available on MSDN.

Solution 2

An inferior alternative to @Edmund's approach is to use an Expression on another Variable to build your string. Assuming you have @[User::FirstName] already defined, you would then create another variable, @[User::SourceQuery].

In the properties for this variable, set EvaluateAsExpression to True and then set an Expression like "SELECT FirstName, LastName, FROM Person.Person WHERE FirstName = '" + @[User::FirstName] +"'" The double quotes are required because we are building an SSIS String.

There are two big reasons this approach should not be implored.

Caching

This approach is going to bloat your plan cache in SQL Server with N copies of essentially the same query. The first time it runs and the value is "Edmund" SQL Server will create an execution plan and save it (because it can be expensive to build them). You then run the package and the value is "Bill". SQL Server checks to see if it has a plan for this. It doesn't, it only has one for Edmund and so it creates another copy of the plan, this time hard coded to Bill. Lather-rinse-repeat and watch your available memory dwindle until it unloads some plans.

By using the parameter approach, when the plan is submitted to SQL Server, it should be creating a parameterized version of the plan internally and assumes that all parameters supplied will result in equal costing executions. Generally speaking, this is the desired behaviour.

If your database is optimized for ad-hoc workload (it's a setting turned off by default), that should be mitigated as every plan is going to get parameterized.

SQL Injection

The other big nasty you will run into with building your own string is that you open yourself up to SQL Injection attacks or at the least, you can get runtime errors. It's as simple as having a value of "d'Artagnan." That single quote will cause your query to fail resulting in package failure. Changing the value to "';DROP TABLE Person.Person;--" will result in great pain.

You might think it's trivial to safe quote everything but the effort of implementing it consistently everywhere you query is beyond what your employer is paying you. All the more so since there is native functionality provided to do the same thing.

Solution 3

When using OLEDB Connection manager (with SQL Server Native Client 11.0 provider in my case) you can catch an error like this:

Parameters cannot be extracted from the SQL command. The provider might not help to parse parameter information from the command. In that case, use the "SQL command from variable" access mode, in which the entire SQL command is stored in a variable.

So you need to explicitly specify database name in OLEDB Connection manager properties. Otherwise SQL Server Native Client can use different database name then you mean (e.g. master in MSSQL Server). For some cases you can explicitly specify database name for each database object used in query, e.g.:

select Name
from MyDatabase.MySchema.MyTable
where id = ?
Share:
71,064

Related videos on Youtube

billinkc
Author by

billinkc

Developer, devourer of pie, disciple of databases, dictator of datum, drinker of tea, delirious with alliterative devices@billinkcSQL Server MVP Author: The Biml Book Need help with your Data Warehouse or SSIS? Let's talk

Updated on July 09, 2022

Comments

  • billinkc
    billinkc almost 2 years

    I am creating an ETL in SSIS in which I which I want my data source to be a restricted query, like select * from table_name where id='Variable'. This variable is what I defined as User created variable.

    I do not understand how I can have my source query interact with the SSIS scoped Variable.

    The only present options are

    • Table
    • Table from variable
    • SQL Command
    • SQL command from a variable

    What I want is to have a SQL statement having a variable as parameter

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

SSIS Flat File error "Text was truncated or one or more characters had no match in the target code page."
SSIS: is it possible to remove a specific character in a string then transform it to integer
SSIS Excel to SQL import -- First 6 rows of the file contains header-related information
SSIS Count of Object Variable?
SSIS Connection Error
SSIS Conversion from Flat File DT_WSTR to nvarchar(255) field null when characters other than numbers
Error: 0xC0202009 at Data Flow Task, OLE DB Destination [43]: SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x80040E21
SSIS: Just started getting a "Key not valid for use in specified state." error on my scheduled SSIS package
SSIS Expressions setting two variables
Disabling SSIS Package Validation when Loading a Package in the VS Designer