Welcome to Sign in | Help
Search
Home Blogs External Feeds Forums Photos Downloads About Us
» Romanian Section » Intrebari » T-SQL » Re: Parametru tip int

Re: Parametru tip int

  •  09-05-2007, 1:30 PM

    Re: Parametru tip int

    Reply Quote

    Sau folositi sql dinamic si aveti grija la sql injection:

    DECLARE @InVariable varchar(1024);
    DECLARE @SQLString nvarchar(500);

    DECLARE @ParmDefinition nvarchar(500);

    SET @ParmDefinition = N'@tipuri varchar(1024)';

    SET @SQLString =N'select * from tabel where tip IN (@tipuri)';

    SET @tipuri='1,2,3';

    EXECUTE sp_executesql @SQLString, @ParmDefinition,
                          @tipuri= @InVariable;

    Cristian Andrei Lefter, SQL Server MVP
    MCT, MCSA, MCDBA, MCAD, MCSD .NET,
    MCTS, MCITP - Database Administrator SQL Server 2005
    http://sqlserver.ro
View Complete Thread
Powered by Community Server (Commercial Edition), by Telligent Systems