Stored Procedure with parameter

A

Alan T

I have a string passed from another function, eg

list_employee 4

This will call the stored procedure list_employee to get details of employee
of id 4.

Is there a way to just use this string, list_employee 4 instead of splitting
into
list_employee
and
4 ?

I know we can use SqlCommand and SqlParameter.
I don't know if it has 1 or anynumber of parameters so if I can just pass
this whole string would be great.
 
J

John B

Alan said:
I have a string passed from another function, eg

list_employee 4

This will call the stored procedure list_employee to get details of employee
of id 4.

Is there a way to just use this string, list_employee 4 instead of splitting
into
list_employee
and
4 ?

I know we can use SqlCommand and SqlParameter.
I don't know if it has 1 or anynumber of parameters so if I can just pass
this whole string would be great.
Click to expand...
No, you will have to split up the string and set the querytext to
list_employee and add 4 as a parameter.
You might be able to wrap it using exec or sp_executesql but you would
have to check that one.

JB
 
N

Nicholas Paldino [.NET/C# MVP]

It should be noted that passing a string like this is a horrible way of
doing this. If you construct the string from user input, you leave yourself
wide open to an injection attack.

Use SqlCommand and SqlParameter. They are your friends.
 
J

John B

Nicholas said:
It should be noted that passing a string like this is a horrible way of
doing this. If you construct the string from user input, you leave yourself
wide open to an injection attack.

Use SqlCommand and SqlParameter. They are your friends.
Click to expand...
Definitely, however since the name of the sp is passed I would think
(hope) that it wouldnt be from user input.

IDbCommand and IDataParameter should be any db programs workhorses :)

JB
 
R

Robert Bravery

HI,
Add the exec to the front of the SQL expression and treat is as a norlam sql
expression, as in
"Exec list_employee 4"
this should call the SP with the 4 as the parameter.

Robert
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

help with stored procedure and parameters. 2
How can an output parameter update a DataTable in a DataSet 0
using stored procedure 3
Stored procedure with output parameter 7
Generic Database handling class 13
Stored Procedures and check for recordcount 2
Calling a stored procedure with a output parameter 1
CLR stored procedure fails to rollback the transaction? 9

Top