Recently I have had to change a query from the following (fully working):
/****** WORKING ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [operations].[ROIWarehouseDatas]
(#Operation VARCHAR(50) = NULL,
#TableName NVARCHAR(255) = NULL,
#Results [dbo].[ForeSightData] READONLY)
AS
BEGIN
DECLARE #err INT
SET #err = 0
IF (#Operation = 'Insert')
BEGIN
DECLARE #SQLString NVARCHAR(4000)
DECLARE #ParamDefinition NVARCHAR(4000)
SET #SQLString = N'TRUNCATE TABLE ['+ #TableName + N'];
INSERT INTO ['+ #TableName + N']
SELECT [ID], [BrandName], [AdvertName], [VersionName], [WCPM]
FROM #Results;';
SET #ParamDefinition = N'#Operation VARCHAR(50), #Results [dbo].[ForeSightData] READONLY';
EXECUTE sp_executesql #SQLString, #ParamDefinition, #TableName, #Results
END
--ENDIF Insert
SET #err = ##ERROR
RETURN #err
END
To the following (not working):
/****** NOT WORKING ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [operations].[ROIWarehouseDatas]
(#Operation VARCHAR(50) = NULL,
#TableName NVARCHAR(255) = NULL,
#Results [dbo].[ForeSightData] READONLY)
AS
BEGIN
DECLARE #err INT
DECLARE #SQLString NVARCHAR(4000)
DECLARE #ParamDefinition NVARCHAR(4000)
SET #err = 0
IF (#Operation = 'Insert')
BEGIN
SET #SQLString = N'MERGE INTO ['+ #TableName +'] AS T
USING #Results AS S ON T.ID = S.ID
WHEN MATCHED
THEN UPDATE
SET T.[BrandName] = S.[BrandName],
T.[AdvertName] = S.[AdvertName],
T.[VersionName] = S.[VersionName],
T.[VersionDuration] = S.[VersionDuration],
T.[WCPM] = S.[WCPM]
WHEN NOT MATCHED BY TARGET
THEN INSERT ([ID], [BrandName], [AdvertName], [VersionName], [WCPM])
VALUES (S.[ID], S.[BrandName], S.[AdvertName], S.[VersionName], S.[WCPM]);';
SET #ParamDefinition = N'#Operation VARCHAR(50), #Results [dbo].[ForeSightData] READONLY';
EXECUTE sp_executesql #SQLString, #ParamDefinition, #TableName, #Results
END
--ENDIF Insert
SET #err = ##ERROR
RETURN #err
END
However, when I run the program I get the following error:
An object or column name is missing or empty. For SELECT INTO statements, verify each column has a name. For other statements, look for empty alias names. Aliases defined as "" or [] are not allowed. Change the alias to a valid name. Unclosed quotation mark after the character string ''.
Incorrect syntax near ''.
I tried checking the syntax - and that came up as fine.
Seems not correct syntax for SQL MERGE.
WHEN NOT MATCHED BY T THEN should be Target not T:
WHEN NOT MATCHED BY Target
THEN .....
Related
I am inserting records using stored procedure and sp_executesql. Once I insert record using sp_executesql, i need the last inserted identity field value on that session.
ALTER proc [dbo].[spHoldTransaction]
#RegisterNo int,
#StoreID int,
#Department varchar(50),
#TransactionDateFrom date,
#TransactionDateTo date,
#Comment Varchar(50)
AS
BEGIN
DECLARE #RegisterID int;
DECLARE #DatabaseName varchar(15);
DECLARE #Batch int;
SELECT #RegisterID=ID FROM Register WHERE Register.Number = #RegisterNo;
SELECT #Batch = BatchNumber From Batch WHERE Status = 0 and RegisterID = #RegisterID
SET #DatabaseName = 'xxx'
SELECT #Department=''''+REPLACE(#Department,',',''',''')+''''
DECLARE #Qry nvarchar(MAX);
DECLARE #ParamDefinition nvarchar(MAX);
SET #ParamDefinition = N'#comment nvarchar(50),#StoreID int,#Batch int'
SET #Qry = '
INSERT INTO '+#DatabaseName+'.dbo.TransactionHold
(
[StoreID]
,[HoldComment]
,[BatchNumber]
,[ShippingNotes]
)
SELECT
#StoreID AS [StoreID]
,#Comment AS [HoldComment]
,#Batch AS [BatchNumber]
,'''' AS [ShippingNotes];
'
EXECUTE sp_executesql #Qry, #ParamDefinition, #Comment, #StoreID, #Batch
SELECT SCOPE_IDENTITY()
END
When I execute this above stored procedure, it's return empty. But TransactionHold has identity column Id
Try retrieving the identity inside the same scope of the execute sql procedure and return the value as an OUT parameter. Do these changes:
SET #ParamDefinition = N'#comment nvarchar(50),#StoreID int,#Batch int, #identity int out'
SET #Qry = '
INSERT INTO '+#DatabaseName+'.dbo.TransactionHold
(
[StoreID]
,[HoldComment]
,[BatchNumber]
,[ShippingNotes]
)
SELECT
#StoreID AS [StoreID]
,#Comment AS [HoldComment]
,#Batch AS [BatchNumber]
,'''' AS [ShippingNotes];
SET #identity = ##IDENTITY
'
DECLARE #identity INT
EXECUTE sp_executesql #Qry, #ParamDefinition, #Comment, #StoreID, #Batch, #identity OUT
SELECT #identity
I have a stored procedure that I'm working on and I'm trying to get it to return the results that are stored into a table variable that I created within the procedure. For some reason, its not returning anything when I execute the procedure. However, if I take the piece of code used to populate the table variable and take it out of the procedure it works...
The code is as follows:
Test Code
DECLARE #RC int
DECLARE #constraint_names nvarchar(max)
DECLARE #column_names nvarchar(max)
DECLARE #table_name nvarchar(max)
DECLARE #table_schema nvarchar(max)
DECLARE #database_name nvarchar(max)
DECLARE #debug int
DECLARE #ExistFlag int;
-- TODO: Set parameter values here.
SET #column_names = 'M2016_Object_ID int, Name varchar(50), a int, b'
SET #table_name = 'tblM2016_Objects';
SET #debug = 0;
SET #ExistFlag = 1;
DECLARE #existing_cols TABLE (Value nvarchar(max));
INSERT INTO #existing_cols EXEC spM2016_CheckColumnExistence_tblM2016
#column_names, #table_name, #database_name, #table_schema, 1, 0;
select * from #existing_cols
Results
Value
M2016_Object_ID int
Name varchar(50)
This is the expected result since I'm testing to see if M2016_Object_ID and Name column exist in the tblM2016_Objects table.
However, when I execute this inside the stored procedure I'm working on, it returns nothing.
Stored Procedure
ALTER PROCEDURE spM2016_ChangePKConstraints_tblM2016
-- Add the parameters for the stored procedure here
#constraint_names nvarchar(max) =
N'PK_tblM2016_Fields_M2016_Field_ID',
#column_names nvarchar(max) = N'M2016_Field_ID',
#table_name nvarchar(max) = N'tblM2016_Fields',
#table_schema nvarchar(max) = N'dbo',
#database_name nvarchar(max) = N'MET',
#debug int = 0
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
-- Insert statements for procedure here
DECLARE #tbl_name nvarchar(max) = N'tblM2016_Fields',
#col_names nvarchar(max) = N'M2016_Field_ID',
#tbl_schema nvarchar(max) = N'dbo',
#db_name nvarchar(max) = N'MET',
#tbl_full_name nvarchar(max),
#tbl_short_name nvarchar(max),
#sql nvarchar(max),
#params nvarchar(max)
-- Insert statements for procedure here
SET #col_names = ISNULL(NULLIF(#column_names, ''), #col_names);
SET #tbl_name = quotename(ISNULL(NULLIF(#table_name, ''), #tbl_name));
SET #tbl_schema = quotename(ISNULL(NULLIF(#table_schema, ''), #tbl_schema));
SET #db_name = quotename(ISNULL(NULLIF(#database_name, ''), #db_name));
SET #tbl_full_name = #db_name + '.' + #tbl_schema + '.' + #tbl_name;
SET #tbl_short_name = #tbl_schema + '.' + #tbl_name;
DECLARE #existing_cols TABLE (Value nvarchar(max));
DECLARE #nonexisting_cols TABLE (Value nvarchar(max));
--INSERT INTO #split_columns
-- SELECT *
-- FROM
-- fnM2016_Split_String_Inline(#col_names, ',');
--IF (#debug = 1)
-- SELECT * FROM #split_columns;
IF NOT EXISTS (SELECT * FROM sys.objects WHERE type = 'PK' AND parent_object_id = OBJECT_ID(#tbl_full_name))
BEGIN
-- No PK constraint, check col_names to see which exist and don't exist
INSERT INTO #existing_cols EXEC spM2016_CheckColumnExistence_tblM2016 #col_names, #tbl_name, #db_name, #tbl_schema, 1, 0;
INSERT INTO #nonexisting_cols EXEC spM2016_CheckColumnExistence_tblM2016 #col_names, #tbl_name, #db_name, #tbl_schema, 0, 0;
SELECT * FROM #existing_cols;
SELECT * FROM #nonexisting_cols;
END
--ELSE
--BEGIN
--END
END
Results
These are the results after executing the procedure with the same parameter values in the test above:
EXECUTE #RC = [dbo].[spM2016_ChangePKConstraints_tblM2016]
#constraint_names
,#column_names
,#table_name
,#table_schema
,#database_name
,#debug;
Result
Value
The table purposely does not have a primary key. Proof:
In your procedure, change the name of the table in your Declare section.
This should fix the issue.
ALTER PROCEDURE spM2016_ChangePKConstraints_tblM2016
-- Add the parameters for the stored procedure here
#constraint_names nvarchar(max) =
N'PK_tblM2016_Fields_M2016_Field_ID',
#column_names nvarchar(max) = N'M2016_Field_ID',
#table_name nvarchar(max) = N'tblM2016_Objects',
#table_schema nvarchar(max) = N'dbo',
#database_name nvarchar(max) = N'MET',
#debug int = 0
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
-- Insert statements for procedure here
DECLARE #tbl_name nvarchar(max) = N'tblM2016_Objects',
#col_names nvarchar(max) = N'M2016_Field_ID',
#tbl_schema nvarchar(max) = N'dbo',
#db_name nvarchar(max) = N'MET',
#tbl_full_name nvarchar(max),
#tbl_short_name nvarchar(max),
#sql nvarchar(max),
#params nvarchar(max)
I figured out the issue. My #table_name, #table_schema, and #database_name being passed into the spM2016_CheckColumnExistence_tblM2016 procedure inside the spM2016_ChangePKConstraints_tblM2016 were already escaped through the call to quotename(). Inside the spM2016_CheckColumnExistence_tblM2016, I also do a qutoename() of the parameters as a validation check against bad table, database, and schema names. That procedure code was left out and I apologize for that.
Essentially the problem area is here (with problem parameters highlighted with **)
Problem code in spM2016_ChangePKConstraints_tblM2016
INSERT INTO #existing_cols EXEC spM2016_CheckColumnExistence_tblM2016 #col_names, **#tbl_name**, **#db_name**, **#tbl_schema**, 1, 0;
Notice that those parameters being passed to spM2016_CheckColumnExistence_tblM2016 have already been escaped with quotename() above in the spM2016_ChangePKConstraints_tblM2016 procedure. Now, here is the missing key code in the spM2016_CheckColumnExistence_tblM2016 procedure:
Problem code in spM2016_CheckColumnExistence_tblM2016
ALTER PROCEDURE spM2016_CheckColumnExistence_tblM2016
-- Add the parameters for the stored procedure here
#column_names nvarchar(max) = N'M2016_Field_ID int',
#table_name nvarchar(max) = N'tblM2016_Fields',
#database_name nvarchar(max) = N'MET',
#table_schema nvarchar(max) = N'dbo',
#ExistFlag int = 1, -- Check for column existence in given table = 1
-- Check for column non-existence in given table = 0
#debug int = 0
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
-- Insert statements for procedure here
DECLARE #tbl_name nvarchar(max) = N'tblM2016_Fields',
#col_names nvarchar(max) = N'M2016_Field_ID',
#tbl_schema nvarchar(max) = N'dbo',
#db_name nvarchar(max) = N'MET',
#tbl_full_name nvarchar(max),
#tbl_short_name nvarchar(max)
-- Insert statements for procedure here
***** PROBLEM STARTS HERE *****
SET #col_names = ISNULL(NULLIF(#column_names, ''), #col_names);
SET #tbl_name = quotename(ISNULL(NULLIF(#table_name, ''), #tbl_name));
SET #tbl_schema = quotename(ISNULL(NULLIF(#table_schema, ''), #tbl_schema));
SET #db_name = quotename(ISNULL(NULLIF(#database_name, ''), #db_name));
SET #tbl_full_name = #db_name + '.' + #tbl_schema + '.' + #tbl_name;
SET #tbl_short_name = #tbl_schema + '.' + #tbl_name;
I've highlighted the issue with ***** PROBLEM STARTS HERE ***** for clarity. As you can see, spM2016_CheckColumnExistence_tblM2016 also does a quotename call to make sure the #table_name, #table_schema, and #database_name passed to spM2016_CheckColumnExistence_tblM2016 has proper escaping as well. But, since I passed the already quotenamed #table_name, #table_schema, and #database_name from spM2016_ChangePKConstraints_tblM2016 into spM2016_CheckColumnExistence_tblM2016 as #col_names, #tbl_name, #db_name, #tbl_schema, they got double quoted and were thus unrecognizable when doing comparisons in the sys.object queries in spM2016_CheckColumnExistence_tblM2016 and so were returning bogus results.
The reason the test code worked is because the parameters were not already escaped when passed into the spM2016_CheckColumnExistence_tblM2016, thus causing the table variable to execute fine.
Turns out, it had nothing to do with the table variable :/
I want to pass table name as parameter and I want to that parameter in where clause
CREATE PROC [dbo].[bb_GetPrepositionInfo]
#userid INT,#propId INT,#tabName varchar(50)
AS
SET NOCOUNT ON
SET XACT_ABORT ON
BEGIN TRAN
SELECT *
FROM #tblname
WHERE ([acq_id] = #propId AND [user_id] = #userid)
COMMIT
GO
Not tested but You need to use Dynamic SQL.
CREATE PROC [dbo].[bb_GetPrepositionInfo]
#userid INT,#propId INT,#tabName varchar(50)
AS
SET NOCOUNT ON
SET XACT_ABORT ON
BEGIN TRAN
DECLARE #SQL varchar(250)
SELECT #SQL = 'SELECT * FROM ' + QuoteName(#tabName) + ' where acq_id=' + Quotename(#propId) + ' AND user_id=' + Quotename(#userid)
EXEC (#SQL)
COMMIT
GO
CREATE PROC [dbo].[bb_GetPrepositionInfo]
DECLARE #userid INT
DECLARE #propId INT
DECLARE #tabName varchar(50)
DECLARE #sqlCommand varchar(200)
AS
SET NOCOUNT ON
SET XACT_ABORT ON
BEGIN TRAN
SET #sqlCommand = 'SELECT * from ' + #tabName +'WHERE [acq_id]='+ #propId +'AND [user_id] = '+ #userid
EXEC (#sqlCommand)
COMMIT
GO
I have this stored procedure
USE [all_things]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[sp_getThingsByType]
#thingid int,
#typeid int
AS
DECLARE #Sql NVARCHAR(MAX) = 'SELECT * from items'
IF #thingid IS NOT NULL
BEGIN
SET #Sql += ' where thingid = #thingid'
END
IF #typeid IS NOT NULL
BEGIN
SET #Sql += ' and TypeID = #typeid'
END
EXEC sp_executesql #sql, N'#thingid int,#typeid int',#thingid=#thingid,#typeid=#typeid;
Test cases:
When I run it with the thingid is null and typeid is null, I get all results which is perfect.
When the thingid is supplied and the typeid is null, the results are ok
Here is where, the results are not good: thingid is null and typeid is supplied. Everything is being returned.
What am I missing?
Thanks
Thanks to #tschmit007, I fixed it.
USE [all_things]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[sp_getThingsByType]
#thingid int,
#typeid int
AS
DECLARE #Sql NVARCHAR(MAX) = 'SELECT * from items'
IF #thingid IS NOT NULL
BEGIN
SET #Sql += ' where thingid = #thingid'
END
IF #typeid IS NOT NULL AND #thingid IS NOT NULL
BEGIN
SET #Sql += ' and TypeID = #typeid'
END
IF #typeid IS NOT NULL AND #thingid IS NULL
BEGIN
SET #Sql += ' where TypeID = #typeid'
END
EXEC sp_executesql #sql, N'#thingid int,#typeid int',#thingid=#thingid,#typeid=#typeid;
DECLARE #dbName nvarchar(128) = 'myDb'
DECLARE #siteId int
exec ('SELECT TOP 1 #siteId = Id FROM ' + #dbName + '..myTbl')
select #siteId
When I run the script above I get the following error
Msg 137, Level 15, State 1, Line 1
Must declare the scalar variable "#siteId".
(1 row(s) affected)
Why and how to fix it?
Thank you
You can use output parameters with sp_executesql.
DECLARE #dbName nvarchar(128) = 'myDb'
DECLARE #siteId int
DECLARE #SQL nvarchar(max) = N'SELECT TOP 1 #outputFromExec = Id FROM ' + quotename(#dbName) + N'..myTbl'
exec sp_executesql #SQL, N'#outputFromExec int out', #siteId out
select #siteId
The dynamic SQL is a different scope to the outer, calling SQL: so #siteid is not recognised
You'll have to use a temp table/table variable outside of the dynamic SQL:
DECLARE #dbName nvarchar(128) = 'myDb'
DECLARE #siteId TABLE (siteid int)
INSERT #siteId
exec ('SELECT TOP 1 Id FROM ' + #dbName + '..myTbl')
select * FROM #siteId
Note: TOP without an ORDER BY is meaningless. There is no natural, implied or intrinsic ordering to a table. Any order is only guaranteed by the outermost ORDER BY
You can try like below
DECLARE #sqlCommand NVARCHAR(4000)
DECLARE #ID INT
DECLARE #Name NVARCHAR(100)
SET #ID = 4
SET #sqlCommand = 'SELECT #Name = [Name]
FROM [AdventureWorks2014].[HumanResources].[Department]
WHERE DepartmentID = #ID'
EXEC sp_executesql #sqlCommand, N'#ID INT, #Name NVARCHAR(100) OUTPUT',
#ID = #ID, #Name = #Name OUTPUT
SELECT #Name ReturnedName
Source : blog.sqlauthority.com
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- =============================================
-- Author: Andrew Foster
-- Create date: 28 Mar 2013
-- Description: Allows the dynamic pull of any column value up to 255 chars from regUsers table
-- =============================================
ALTER PROCEDURE dbo.PullTableColumn
(
#columnName varchar(255),
#id int
)
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
DECLARE #columnVal TABLE (columnVal nvarchar(255));
DECLARE #sql nvarchar(max);
SET #sql = 'SELECT ' + #columnName + ' FROM regUsers WHERE id=' + CAST(#id AS varchar(10));
INSERT #columnVal EXEC sp_executesql #sql;
SELECT * FROM #columnVal;
END
GO
A slight change in the execute query will solve the problem:
DECLARE #dbName nvarchar(128) = 'myDb'
DECLARE #siteId int
exec ('SELECT TOP 1 **''#siteId''** = Id FROM ' + #dbName + '..myTbl')
select #siteId