sp-executesql

SET @whereCond = @whereCond + ' AND name LIKE ''%'' + @name + ''%''' Is there something wrong here? After I generate where condition, I execute it with sp_executesql , but I did get anything. When I SELECT the same thing without sp, it's ok. How to use LIKE in sp_executesql? Can you bring some examples, please? Thank you. UPDATE declare @name nvarchar(50) set @name = 'a' SELECT * FROM Tbl_Persons WHERE 1 = 1 AND lastname LIKE '%a%' exec sp_executesql N'SELECT * FROM Tbl_Persons WHERE 1 = 1 AND lastname LIKE ''%@name%''', N'@name nvarchar(50)', @name=@name First query returns values, second one

I have multiple EXECUTE IMMEDIATE commands within one oracle procedure. EXECUTE IMMEDIATE 'DELETE FROM tbl1'; EXECUTE IMMEDIATE 'INSERT INTO tbl1...'; COMMIT; EXECUTE IMMEDIATE 'DELETE FROM tbl3'; EXECUTE IMMEDIATE 'INSERT INTO tbl3 ...'; COMMIT; EXECUTE IMMEDIATE 'DELETE FROM tbl4'; EXECUTE IMMEDIATE 'INSERT INTO tbl4 ...'; COMMIT; Do I need all of these COMMIT, or just at the end of the procedure? The only times that you're really forced to commit, other thasn at the end of a business transaction, are: When executing DDL: the DDL execution is wrapped in a pair of implicit commits. After

When dealing with debugging queries using Profiler and SSMS, its pretty common for me to copy a query from Profiler and test them in SSMS. Because I use parameterized sql, my queries are all sent as exec sp_executesql queries. exec sp_executesql N'/*some query here*/', N'@someParameter tinyint', @ someParameter =2 I'll take this and convert it into a normal query for ease of editing (intellisense, error checking, line numbers, etc): DECLARE @someParameter tinyint SET @someParameter = 2 /*some query here*/ Of course, the bigger and more complex the query, the harder to do this. And when you're

I have a stored procedure that uses sp_executesql to generate a result set, the number of columns in the result can vary but will be in the form of Col1 Col2 Col3 etc. I need to get the result into a temp table or table variable so I can work with it. The problem is I need to define the columns of the temp table, which I cant do dynamically using sp_executesql as the scope of the temp table is lost after the command is executed. I have toyed with the idea of using Global Temp tables, as the scope allows it to be created dynamically, however, there is a very good chance the Global Temps would

In the below sample code, Table Name is an input parameter. In this case, how can I avoid SQL injection using sp_executesql . Below is the sample code, I am trying to use sp_executesql to avoid it but it doesn't work. Can anyone tell me how to correct it? ALTER PROC Test @param1 NVARCHAR(50), @param2 INT, @tblname NVARCHAR(100) AS BEGIN DECLARE @sql NVARCHAR(1000) SET @sql= N' select * from ' + @tblname + ' where name= @param1 and id= @param2'; PRINT @sql EXEC Sp_executesql @sql, N'@param1 nvarchar(50), @param2 int', @param1, @param2; END EXEC Test 'John', 2, ' emp; delete from emp where id =