Menu
From a client application I tyipically do:
select * from table where Name = :Parameter and then before executing the query I do
:Parameter = 'John' These parameters are not a Search&Replace but real parameters passed to the server. Since I need to test some of those queries in detail, how can I write the query in management studio?
I want to write the query with parameters and give a value to the parameter. How can this be done?
Update:
To remove confusion here I add info to better express myseld.
when I execute a normal query I see in sql server profiler
select * from table where Name = 'John' while when I execute a parametrized query I see this:
exec sp_executesql N'select * from table where Name = @P1',N'@P1 varchar(8000)','John' This is why I say it is not a search and replace.
278
Declare statements start with the keyword DECLARE , followed by the name of the parameter (starting with a question mark) followed by the type of the parameter and an optional default value. The default value must be a literal value, either STRING , NUMERIC , BOOLEAN , DATE , or TIME .
A parameterized query is a query in which placeholders are used for parameters and the parameter values are supplied at execution time. The most important reason to use parameterized queries is to avoid SQL injection attacks. Let's take a look at what can happen if we don't use parameterized queries.
Using parameterized queries is a three-step process: Construct the SqlCommand command string with parameters. Declare a SqlParameter object, assigning values as appropriate. Assign the SqlParameter object to the SqlCommand object's Parameters property.
How about something like
DECLARE @Parameter VARCHAR(20) SET @Parameter = 'John' SELECT * FROM Table WHERE Name = @Parameter If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
