|
database
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Help with stored procedure using "IN"Say my parameter, @whereClause, has the following value passed to it:
'accomodationTypes IN ('Villas','Deluxe')' This is throwing an error if I wrap it in single qoutes like I need to. How do you wrap something like that in single qoutes yet account for the string values 'Villas' and 'Deluxe'? It is odd because in Query Analyzer i pass over the following to the stored procedure: exec InsertAvpArticles3 @premiumUserId=100001, @whereClause='articleId accomodationTypes IN (''Villas'',''Suites''))' This executes fine in Analyzer. Then I try to run it from my ASP page, and it throws an incorrect syntax error (near ')'). Any ideas? Why is articleID and a carriage return there? I don't see that in the code
you're running in Query Analyzer, but I see you're passing it in @whereClause. If you're just appending it to the SQL and then running it via EXEC or sp_executeSQL, then you absolutely should be getting an incorrect suntax error. Lots of problems here, anyway. Read up on dynamic SQL, SQL injection, ... good starting point: http://www.sommarskog.se/dynamic_sql.html Also see http://www.aspfaq.com/2248 <CarlosSanche***@gmail.com> wrote in message Show quote news:1149707271.546045.40900@j55g2000cwa.googlegroups.com... > Say my parameter, @whereClause, has the following value passed to it: > > 'accomodationTypes IN ('Villas','Deluxe')' > > This is throwing an error if I wrap it in single qoutes like I need to. > How do you wrap something like that in single qoutes yet account for > the string values 'Villas' and 'Deluxe'? > > It is odd because in Query Analyzer i pass over the following to the > stored procedure: > > exec InsertAvpArticles3 @premiumUserId=100001, @whereClause='articleId > accomodationTypes IN (''Villas'',''Suites''))' > > This executes fine in Analyzer. Then I try to run it from my ASP page, > and it throws an incorrect syntax error (near ')'). > > Any ideas? > I made a mistake in typing that text here. It really looks like this:
================================================ exec InsertAvpArticles3 @premiumUserId=100001, @whereClause='articleId IN (SELECT articleId FROM tblArticlesAccomodationTypeRelationship WHERE accomodationTypes IN (''Villas'',''Suites''))' ================================================ Note there are no line breaks, unless this group editor is intentionally putting one in. The only thing that changes is the WHERE clause and the 'premiumUserId' (WHERE clause must be dynamic, there are at least 150 combinations, and I'm trying not to make 150 stored procedures). Below is the SP. It works just fine with numeric values, but not with text, as I noted in my first post. =================================================== CREATE PROCEDURE dbo.InsertAvpArticles3 @premiumUserId int, @whereClause varchar(1000) AS DECLARE @articleId int DECLARE @categoryId int DECLARE @hotelId int SET NOCOUNT ON CREATE TABLE #temp (id int identity, articleId int, categoryId int, hotelId int) EXEC ('INSERT #temp(articleId, categoryId, hotelId) SELECT articleId ,categoryId ,hotelId FROM tblArticles WHERE ' + @whereClause) DECLARE @LoopID int, @MaxID int SELECT @LoopID=1, @MaxID = MAX(ID) from #temp WHILE @LoopID <= @MaxID BEGIN SELECT @articleId=articleId, @categoryId=categoryId, @hotelId=hotelId FROM #temp where ID = @LoopID IF NOT EXISTS (SELECT * FROM tblAVPArticles WHERE premiumUserId = @premiumUserId AND articleId = @articleId) BEGIN INSERT tblAVPArticles (premiumUserId, articleId, categoryId, hotelId, createdByAvp) VALUES (@premiumUserId, @articleId, @categoryId, @hotelId, 1) END SET @LoopID = @LoopID + 1 END GO You need to escape your single quotes again, I think, because the parser
will need to pass over this parameter twice -- once when accepting it on SP call, and once when running it through the subsequent EXEC call. Try exec InsertAvpArticles3 @premiumUserId=100001, @whereClause='articleId IN (SELECT articleId FROM tblArticlesAccomodationTypeRelationship WHERE accomodationTypes IN (''''Villas'''',''''Suites''''))' <CarlosSanche***@gmail.com> wrote in message Show quote news:1149709735.571449.313350@h76g2000cwa.googlegroups.com... >I made a mistake in typing that text here. It really looks like this: > ================================================ > exec InsertAvpArticles3 @premiumUserId=100001, @whereClause='articleId > IN (SELECT articleId FROM tblArticlesAccomodationTypeRelationship WHERE > accomodationTypes IN (''Villas'',''Suites''))' > ================================================ > Note there are no line breaks, unless this group editor is > intentionally putting one in. The only thing that changes is the WHERE > clause and the 'premiumUserId' (WHERE clause must be dynamic, there are > at least 150 combinations, and I'm trying not to make 150 stored > procedures). > > Below is the SP. It works just fine with numeric values, but not with > text, as I noted in my first post. > =================================================== > CREATE PROCEDURE dbo.InsertAvpArticles3 > @premiumUserId int, > @whereClause varchar(1000) > AS > > DECLARE @articleId int > DECLARE @categoryId int > DECLARE @hotelId int > > SET NOCOUNT ON > > CREATE TABLE #temp (id int identity, articleId int, categoryId int, > hotelId int) > > EXEC ('INSERT #temp(articleId, categoryId, hotelId) > SELECT articleId ,categoryId ,hotelId FROM tblArticles WHERE ' + > @whereClause) > > DECLARE @LoopID int, @MaxID int > > SELECT @LoopID=1, @MaxID = MAX(ID) from #temp > > WHILE @LoopID <= @MaxID > BEGIN > > SELECT @articleId=articleId, @categoryId=categoryId, > @hotelId=hotelId FROM #temp > where ID = @LoopID > > IF NOT EXISTS (SELECT * FROM tblAVPArticles WHERE > premiumUserId = @premiumUserId AND articleId = @articleId) > > BEGIN > INSERT tblAVPArticles > (premiumUserId, articleId, categoryId, hotelId, > createdByAvp) > VALUES > (@premiumUserId, @articleId, @categoryId, @hotelId, 1) > END > > SET @LoopID = @LoopID + 1 > END > GO > Just tried that, and still got this error message:
===================================== Microsoft OLE DB Provider for SQL Server error '80040e14' Line 2: Incorrect syntax near 'Campsites'. ===================================== Was trying to execute: ===================================== exec InsertAvpArticles3 @premiumUserId=100001, @whereClause='articleId IN (SELECT articleId FROM tblArticlesAccomodationTypeRelationship WHERE accomodationTypes IN (''''Campsites'''',''''Deluxe'''',''''Value'''',''''Villas'''',''''Moderate'''',''''Suites''''))' ===================================== This is pretty frustrating! :-) But I hope to get it nailed down. I still don't understand why wrapping the values (CAMPSITE, DELUXE, etc) with two apostrophes each worked in Query Analyzer but not through ASP database command. Aaron Bertrand [SQL Server MVP] wrote: Show quote > You need to escape your single quotes again, I think, because the parser > will need to pass over this parameter twice -- once when accepting it on SP > call, and once when running it through the subsequent EXEC call. Try > > exec InsertAvpArticles3 @premiumUserId=100001, @whereClause='articleId > IN (SELECT articleId FROM tblArticlesAccomodationTypeRelationship WHERE > accomodationTypes IN (''''Villas'''',''''Suites''''))' > This is pretty frustrating! :-) Yep, that's one of the many costs of dynamic SQL.How about starting with some basic debugging, and trying to print the sql statement instead of executing it??????? A  
Other interesting topics
|
|||||||||||||||||||||||
