Scribd
Upload
27 views

SQL Server Dynamic SQL Commands Execute

This document discusses two methods for executing dynamic SQL commands in SQL Server: EXEC and sp_executesql. With EXEC, the SQL statement is built on the fly and variables are concatenated into the query string, requiring extra quotes for string values. sp_executesql allows parameters to be used like stored procedures, avoiding extra quotes and ensuring data types match. The example shows building a column list and city variable, then executing a SELECT with either EXEC or sp_executesql and passing the city parameter.

Uploaded by

arunagarwal7
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
27 views

SQL Server Dynamic SQL Commands Execute

This document discusses two methods for executing dynamic SQL commands in SQL Server: EXEC and sp_executesql. With EXEC, the SQL statement is built on the fly and variables are concatenated into the query string, requiring extra quotes for string values. sp_executesql allows parameters to be used like stored procedures, avoiding extra quotes and ensuring data types match. The example shows building a column list and city variable, then executing a SELECT with either EXEC or sp_executesql and passing the city parameter.

Uploaded by

arunagarwal7
Copyright
© Attribution Non-Commercial (BY-NC)
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 1

SQL Server Dynamic SQL commands Execute

Using EXEC
With this approach you are building the SQL statement on the fly and can pretty much do whatever you need to in order to construct the statement. Let's say we want to be able to pass in the column list along with the city. For this example we want to get columns CustomerID, ContactName and City where City = 'London'. As you can see from this example handling the @city value is not at straight forward, because you also need to define the extra quotes in order to pass a character value into the query. These extra quotes could also be done within the statement, but either way you need to specify the extra single quotes in order for the query to be built correctly and therefore run. DECLARE @sqlCommand varchar(1000) DECLARE @columnList varchar(75) DECLARE @city varchar(75) SET @columnList = 'CustomerID, ContactName, City' SET @city = '''London''' SET @sqlCommand = 'SELECT ' + @columnList + ' FROM customers WHERE City = ' + @city EXEC (@sqlCommand)

sp_exectesql
With this approach you have the ability to still dynamically build the query, but you are also able to still use parameters as you could in example 1. This saves the need to have to deal with the extra quotes to get the query to build correctly. In addition, with using this approach you can ensure that the data values being passed into the query are the correct datatypes. DECLARE @sqlCommand nvarchar(1000) DECLARE @columnList varchar(75) DECLARE @city varchar(75) SET @columnList = 'CustomerID, ContactName, City' SET @city = 'London' SET @sqlCommand = 'SELECT ' + @columnList + ' FROM customers WHERE City = @city' EXECUTE sp_executesql @sqlCommand, N'@city nvarchar(75)', @city = @city

You might also like