Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to pass parameter values to a T-SQL query

Tags:

sql-server

sql-server-2005

oracle

ora-00936

I am using the following T-SQL query in SQL server 2005 (Management Studio IDE):

DECLARE @id int;
DECLARE @countVal int;
DECLARE @sql nvarchar(max);
SET @id = 1000;
SET @sql = 'SELECT COUNT(*) FROM owner.myTable WHERE id = @id';
EXEC (@sql) AT oracleServer -- oracleServer is a lined server to Oracle

I am not sure how to pass the input parameter @id to the EXEC query, and pass the count result out to @countVal. I saw some examples for Microsoft SQL server like:

EXEC (@sql, @id = @id)

I tried this for Oracle but I got a statement error: 

OLE DB provider "OraOLEDB.Oracle" for linked server "oracleServer" 
returned message "ORA-00936: missing expression"
like image 419
David.Chu.ca Avatar asked Feb 27 '09 05:02

David.Chu.ca

2 Answers

Try this:

EXEC sp_executesql @sql, N'@id int', @id

More info at this great article: http://www.sommarskog.se/dynamic_sql.html

As for the output, your SELECT needs to look something like this:

SELECT @countVal = COUNT(id) FROM owner.myTable WHERE id = @id

I'm selecting 'id' instead of '*' to avoid pulling unnecessary data...

Then your dynamic sql should be something like this:

EXEC sp_executesql @sql, 
                   N'@id int, @countVal int OUTPUT', 
                   @id, 
                   @countVal OUTPUT

This example is adapted from the same article linked above, in the section sp_executesql.

As for your Oracle error, you will need to find out the exact SQL that sp_executesql is sending to Oracle. If there is a profiler or query log in Oracle, that may help. I have limited experience with Oracle, but that would be the next logical step for troubleshooting your problem.

like image 187
Jim Counts Avatar answered Sep 20 '22 02:09

Jim Counts

The quick and dirty way is to just build the string before using the EXEC statement, however this is not the recommended practice as you may open yourself up to SQL Injection.

DECLARE @id int;
DECLARE @countVal int;
DECLARE @sql nvarchar(max);
SET @id = 1000;
SET @sql = 'SELECT COUNT(*) FROM owner.myTable WHERE id = ' + @id 
EXEC (@sql) AT oracleServer -- oracleServer is a lined server to Oracle

The correct way to do this is to use the system stored procedure sp_executesql as detailed by magnifico, and recommended by Microsoft in Books Online is:

EXEC sp_executesql @sql, N'@id int', @id
like image 31
John Sansom Avatar answered Sep 17 '22 02:09

John Sansom
Sign in to Comment

Related questions

Should i disable clustered index before deleting data?
How to check if my SQL Server Express database exceeds the 10 GB size limit?
Case Sensitive String Comparison
Executing stored procedure takes too long than executing TSQL
Is there a way to favorite or star frequently-used tables in SSMS 2012?
Escaping strings containing single quotes in PowerShell ready for SQL query
Detach database programmatically
how to repeat each row twice
order by sort wrong records
SQL Server - Deleting rows between a date range using SQL. Date conversion fails
sql delete row error
Scaffold-DbContext: command not found
SQL Server CTE for Recursion and Ordering
How can I select distinct by one column?
How to change SQL Server for JSON Auto column name?
Declare multiple variables in SQL
The transaction log for database 'test' is full due to 'LOG_BACKUP'. and free space issue with C Drive
Repeat value between two values in a column
Do you generate your data dictionary? [closed]
Setting and resetting the DATEFORMAT in SQLServer 2005

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!