Pass comparison operators as parameters and use directly in SQL stored procedure - sql

I have a SQL stored procedure which takes several parameters. In there I need to pass conditions as =, <, > and use them in the query.
Currently what I'm doing is I check what's the condition and change a part of the query according to it. I want to pass the condition as a parameter and use it directly in the query.
This is how I'm doing now,
I'm passing these parameters:
#software_type nvarchar(50),
#software_id nvarchar(50),
#condition char,
#version_id float
Query:
DECLARE
#BaseQuery nvarchar(max) = N'SELECT DISTINCT Installed_Software.vm_name FROM Installed_Software INNER JOIN Software ON Installed_Software.software_id = Software.software_id INNER JOIN Software_Version ON Installed_Software.software_id = Software_Version.software_id AND Installed_Software.version_id = Software_Version.version_id AND Software.software_id = Software_Version.software_id',
#WhereClause nvarchar(max) = ' WHERE 1=1',
#ParamList nvarchar(max) = N'#sfType nvarchar(50),#sfId nvarchar(50),#verId float,#cond char'
IF #software_type IS NOT NULL
BEGIN
SET #WhereClause = #WhereClause + ' AND Software.software_type = #sfType';
END
IF #software_id IS NOT NULL
BEGIN
SET #WhereClause = #WhereClause + ' AND Installed_Software.software_id=#sfId';
END
IF #version_id IS NOT NULL AND #condition IS NOT NULL
BEGIN
IF #condition = '='
BEGIN
SET #WhereClause = #WhereClause + ' AND Installed_Software.version_id = #verId';
END
ELSE IF #condition ='>'
BEGIN
SET #WhereClause = #WhereClause + ' AND Installed_Software.version_id > #verId';
END
ELSE IF #condition='<'
BEGIN
SET #WhereClause = #WhereClause + ' AND Installed_Software.version_id < #verId';
END
ELSE IF #condition = '>='
BEGIN
SET #WhereClause=#WhereClause + ' AND Installed_Software.version_id >= #verId';
END
ELSE IF #condition='<='
BEGIN
SET #WhereClause = #WhereClause + ' AND Installed_Software.version_id <= #verId';
END
ELSE
BEGIN
SET #WhereClause = #WhereClause + ' AND Installed_Software.version_id = #verId';
END
END
SET #BaseQuery = #BaseQuery + #WhereClause;
EXECUTE sp_executesql #BaseQuery, #ParamList, #sfType=#software_type, #sfId=#software_id, #verId=#version_id;
What I want to do is something like this:
IF #version_id IS NOT NULL AND #condition IS NOT NULL
BEGIN
SET #WhereClause = #WhereClause + ' AND Installed_Software.version_id' + '#condition' + '#version_id';
END
Is this possible to do that?


I would suggest not using dynamic sql for this.
I believe that the following query should return the same results as the dynamic sql version:
SELECT DISTINCT Installed_Software.vm_name
FROM Installed_Software
INNER JOIN Software
ON Installed_Software.software_id = Software.software_id
INNER JOIN Software_Version
ON Installed_Software.software_id = Software_Version.software_id
AND Installed_Software.version_id = Software_Version.version_id
AND Software.software_id = Software_Version.software_id
WHERE
(
#software_type IS NULL
OR Software.software_type = #software_type
)
AND
(
#software_id IS NULL
OR Installed_Software.software_id = #software_id
)
AND
(
#version_id IS NULL
OR #condition IS NULL
OR (#condition = '=' AND Installed_Software.version_id = #version_id)
OR (#condition = '>' AND Installed_Software.version_id > #version_id)
OR (#condition = '<' AND Installed_Software.version_id < #version_id)
OR (#condition = '>=' AND Installed_Software.version_id >= #version_id)
OR (#condition = '<=' AND Installed_Software.version_id <= #version_id)
)


Is this possible to do that? YES
Just add single space between your condition to avoid syntactical error
SET #WhereClause = #WhereClause + ' AND Installed_Software.version_id ' + '#condition' + ' #version_id';
----^ -----^

Related

saveDelimitedColumns

I am using the stored procedure, saveDelimitedColumns (found: http://www.virtualobjectives.com.au/sqlserver/saving_), to save data results as a .csv file. This works great with one exception...when it saves as a .csv file the column headers within excel have brackets. For example, [Client ID], I would like the column heading to be without brackets, as Client ID.
Below is the savedelimitedcolumns stored procedure and I cannot figure out if there is a way to make it so there are no brackets when it publishes as a .csv file.
Is it possible to make an alteration somewhere in the code below to accomplish this?
Thank you,
ALTER PROCEDURE [dbo].[SaveDelimitedColumns]
#PCWrite varchar(1000) = NULL,
#DBFetch varchar(4000),
#DBWhere varchar(2000) = NULL,
#DBThere varchar(2000) = NULL,
#DBUltra bit = 1,
#Delimiter varchar(100) = 'CHAR(44)', -- Default is ,
#TextQuote varchar(100) = 'CHAR(34)', -- Default is " Use SPACE(0) for none.
#Header bit = 0, -- Output header. Default is 0.
#NullQuoted bit = 0,
#DateTimeStyle tinyint = 120 -- CONVERT Date Time Style. Default is ODBC canonical yyyy-mm-dd hh:mi:ss(24h)
AS
BEGIN
SET NOCOUNT ON;
DECLARE #Return int
DECLARE #Retain int
DECLARE #Status int
SET #Status = 0
DECLARE #TPre varchar(10)
DECLARE #TDo3 tinyint
DECLARE #TDo4 tinyint
SET #TPre = ''
SET #TDo3 = LEN(#TPre)
SET #TDo4 = LEN(#TPre) + 1
DECLARE #DBAE varchar(40)
DECLARE #Task varchar(6000)
DECLARE #Bank varchar(4000)
DECLARE #Cash varchar(2000)
DECLARE #Risk varchar(2000)
DECLARE #Next varchar(8000)
DECLARE #Save varchar(8000)
DECLARE #Work varchar(8000)
DECLARE #Wish varchar(max)
DECLARE #Name varchar(100)
DECLARE #Same varchar(100)
DECLARE #Rank smallint
DECLARE #Kind varchar(20)
DECLARE #Mask bit
DECLARE #Bond bit
DECLARE #Size int
DECLARE #Wide smallint
DECLARE #More smallint
DECLARE #DBAI varchar(2000)
DECLARE #DBAO varchar(8000)
DECLARE #DBAU varchar(max)
DECLARE #Fuse int
DECLARE #File int
DECLARE #HeaderString varchar(8000)
DECLARE #HeaderDone int
SET #DBAE = '##SaveFile' + RIGHT(CONVERT(varchar(10),##SPID+100000),5)
SET #Task = 'IF EXISTS (SELECT * FROM tempdb.dbo.sysobjects WHERE name = ' + CHAR(39) + #DBAE + CHAR(39) + ') DROP TABLE ' + #DBAE
EXECUTE (#Task)
SET #Bank = #TPre + #DBFetch
IF NOT EXISTS (SELECT * FROM sysobjects WHERE RTRIM(type) = 'U' AND name = #Bank)
BEGIN
SET #Bank = CASE WHEN LEFT(LTRIM(#DBFetch),6) = 'SELECT' THEN '(' + #DBFetch + ')' ELSE #DBFetch END
SET #Bank = REPLACE(#Bank, CHAR(94),CHAR(39))
SET #Bank = REPLACE(#Bank,CHAR(45)+CHAR(45),CHAR(32))
SET #Bank = REPLACE(#Bank,CHAR(47)+CHAR(42),CHAR(32))
END
IF #DBWhere IS NOT NULL
BEGIN
SET #Cash = REPLACE(#DBWhere,'WHERE' ,CHAR(32))
SET #Cash = REPLACE(#Cash, CHAR(94),CHAR(39))
SET #Cash = REPLACE(#Cash,CHAR(45)+CHAR(45),CHAR(32))
SET #Cash = REPLACE(#Cash,CHAR(47)+CHAR(42),CHAR(32))
END
IF #DBThere IS NOT NULL
BEGIN
SET #Risk = REPLACE(#DBThere,'ORDER BY' ,CHAR(32))
SET #Risk = REPLACE(#Risk, CHAR(94),CHAR(39))
SET #Risk = REPLACE(#Risk,CHAR(45)+CHAR(45),CHAR(32))
SET #Risk = REPLACE(#Risk,CHAR(47)+CHAR(42),CHAR(32))
END
SET #DBAI = ''
SET #DBAO = ''
SET #DBAU = ''
SET #Task = 'SELECT * INTO ' + #DBAE + ' FROM ' + #Bank + ' AS T WHERE 0 = 1'
IF #Status = 0 EXECUTE (#Task) SET #Return = ##ERROR
IF #Status = 0 SET #Status = #Return
-- For all columns (Fields) in the table.
DECLARE Fields CURSOR FAST_FORWARD FOR
SELECT '['+C.name+']', C.colid, T.name, C.isnullable, C.iscomputed, C.length, C.prec, C.scale
FROM tempdb.dbo.sysobjects AS O
JOIN tempdb.dbo.syscolumns AS C
ON O.id = C.id
JOIN tempdb.dbo.systypes AS T
ON C.xusertype = T.xusertype
WHERE O.name = #DBAE
ORDER BY C.colid
SET #Retain = ##ERROR IF #Status = 0 SET #Status = #Retain
OPEN Fields
SET #Retain = ##ERROR IF #Status = 0 SET #Status = #Retain
FETCH NEXT FROM Fields INTO #Same, #Rank, #Kind, #Mask, #Bond, #Size, #Wide, #More
SET #Retain = ##ERROR IF #Status = 0 SET #Status = #Retain
-- Convert to character for header.
SET #HeaderString = ''
DECLARE #sql nvarchar(4000)
DECLARE #cDelimiter nvarchar(9)
DECLARE #cTextQuote nvarchar(9)
DECLARE #TypeFound bit
SET #sql = N'select #cDelimiter = ' + #Delimiter
EXEC sp_executesql #sql, N'#cDelimiter varchar(9) output', #cDelimiter output
SET #sql = N'select #cTextQuote = ' + #TextQuote
EXEC sp_executesql #sql, N'#cTextQuote varchar(9) output', #cTextQuote output
WHILE ##FETCH_STATUS = 0 AND #Status = 0
BEGIN
SET #TypeFound = 0
-- Build header.
IF LEN(#HeaderString) > 0 SET #HeaderString = #HeaderString + #cDelimiter + ISNULL(#cTextQuote + REPLACE(#Same, #cTextQuote, REPLICATE(#cTextQuote, 2))+#cTextQuote, SPACE(0))
IF LEN(#HeaderString) = 0 SET #HeaderString = ISNULL(#cTextQuote + REPLACE(#Same, #cTextQuote, REPLICATE(#cTextQuote, 2))+#cTextQuote, SPACE(0))
IF #Kind IN ('char','nchar','varchar','nvarchar','text','ntext','sysname','xml')
BEGIN
IF #NullQuoted = 0
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL('+#TextQuote+'+REPLACE(' + #Same + ','+#TextQuote+',REPLICATE('+#TextQuote+',2))+'+#TextQuote+',SPACE(0))'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL('+#TextQuote+'+REPLACE(' + #Same + ','+#TextQuote+',REPLICATE('+#TextQuote+',2))+'+#TextQuote+',SPACE(0))'
END
IF #NullQuoted = 1
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL('+#TextQuote+'+REPLACE(' + #Same + ','+#TextQuote+',REPLICATE('+#TextQuote+',2))+'+#TextQuote+','+#TextQuote+'+'+#TextQuote+')'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL('+#TextQuote+'+REPLACE(' + #Same + ','+#TextQuote+',REPLICATE('+#TextQuote+',2))+'+#TextQuote+','+#TextQuote+'+'+#TextQuote+')'
END
SET #TypeFound = 1
END
IF #Kind IN ('bit','tinyint','smallint','int','bigint')
BEGIN
IF #NullQuoted = 0
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL(CONVERT(varchar(128),' + #Same + '),SPACE(0))'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL(CONVERT(varchar(128),' + #Same + '),SPACE(0))'
END
IF #NullQuoted = 1
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL(CONVERT(varchar(128),' + #Same + '),'+#TextQuote+'+'+#TextQuote+')'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL(CONVERT(varchar(128),' + #Same + '),'+#TextQuote+'+'+#TextQuote+')'
END
SET #TypeFound = 1
END
IF #Kind IN ('numeric','decimal','money','smallmoney','float','real')
BEGIN
IF #NullQuoted = 0
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL(CONVERT(varchar(128),' + #Same + '),SPACE(0))'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL(CONVERT(varchar(128),' + #Same + '),SPACE(0))'
END
IF #NullQuoted = 1
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL(CONVERT(varchar(128),' + #Same + '),'+#TextQuote+'+'+#TextQuote+')'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL(CONVERT(varchar(128),' + #Same + '),'+#TextQuote+'+'+#TextQuote+')'
END
SET #TypeFound = 1
END
IF #Kind IN ('uniqueidentifier','geometry','geography')
BEGIN
IF #NullQuoted = 0
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL('+#TextQuote+'+CONVERT(varchar(128),' + #Same + ')+'+#TextQuote+',SPACE(0))'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL('+#TextQuote+'+CONVERT(varchar(128),' + #Same + ')+'+#TextQuote+',SPACE(0))'
END
IF #NullQuoted = 1
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL('+#TextQuote+'+CONVERT(varchar(128),' + #Same + ')+'+#TextQuote+','+#TextQuote+'+'+#TextQuote+')'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL('+#TextQuote+'+CONVERT(varchar(128),' + #Same + ')+'+#TextQuote+','+#TextQuote+'+'+#TextQuote+')'
END
SET #TypeFound = 1
END
IF #Kind IN ('datetime2','datetime','smalldatetime','time','date','datetimeoffset')
BEGIN
IF #NullQuoted = 0
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL('+#TextQuote+'+CONVERT(varchar(128),' + #Same + ','+convert(varchar(3),#DateTimeStyle)+')+'+#TextQuote+',SPACE(0))'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL('+#TextQuote+'+CONVERT(varchar(128),' + #Same + ','+convert(varchar(3),#DateTimeStyle)+')+'+#TextQuote+',SPACE(0))'
END
IF #NullQuoted = 1
BEGIN
IF #Rank = 1 SET #DBAU = ' ISNULL('+#TextQuote+'+CONVERT(varchar(128),' + #Same + ','+convert(varchar(3),#DateTimeStyle)+')+'+#TextQuote+','+#TextQuote+'+'+#TextQuote+')'
IF #Rank > 1 SET #DBAU = #DBAU + '+' + #Delimiter + '+ISNULL('+#TextQuote+'+CONVERT(varchar(128),' + #Same + ','+convert(varchar(3),#DateTimeStyle)+')+'+#TextQuote+','+#TextQuote+'+'+#TextQuote+')'
END
SET #TypeFound = 1
END
IF #TypeFound = 0
BEGIN
SET #Retain = 'ERROR: Data type ' + UPPER(#Kind) + ' was used but not supported by SaveDelimitedColumns.'
SET #Status = #Retain
END
FETCH NEXT FROM Fields INTO #Same, #Rank, #Kind, #Mask, #Bond, #Size, #Wide, #More
SET #Retain = ##ERROR IF #Status = 0 SET #Status = #Retain
END
CLOSE Fields DEALLOCATE Fields
IF LEN(#DBAU) = 0 SET #DBAU = '*'
IF #PCWrite IS NOT NULL AND (#DBUltra = 0) AND (#Header = 1)
BEGIN
SET #HeaderString = replace(#HeaderString, '"', '""')
SET #DBAI = ' SELECT ' + CHAR(39) + #HeaderString + CHAR(39) + ' UNION ALL SELECT '
END
ELSE
SET #DBAI = ' SELECT '
SET #DBAO = ' FROM ' + #Bank + ' AS T'
+ CASE WHEN #DBWhere IS NULL THEN '' ELSE ' WHERE (' + #Cash + ') AND 0 = 0' END
+ CASE WHEN #DBThere IS NULL THEN '' ELSE ' ORDER BY ' + #Risk END
-- Output where #DBUltra = 0 (Uses XP_CMDSHELL \ BCP)
IF #PCWrite IS NOT NULL AND #DBUltra = 0
BEGIN
SET #Wish = 'USE ' + DB_NAME() + #DBAI + #DBAU + #DBAO
SET #Work = 'BCP "' + #Wish + '" QUERYOUT "' + #PCWrite + '" -w -T -S "' + ##SERVERNAME + '" '
-- PRINT #Work
EXECUTE #Return = master.dbo.xp_cmdshell #Work, NO_OUTPUT
SET #Retain = ##ERROR
IF #Status = 0 SET #Status = #Retain
IF #Status = 0 SET #Status = #Return
IF #Status <> 0 GOTO ABORT
END
-- Output where #DBUltra = 1 (Uses Ole Automation)
IF #PCWrite IS NOT NULL AND #DBUltra = 1
BEGIN
IF #Status = 0 EXECUTE #Return = sp_OACreate 'Scripting.FileSystemObject', #Fuse OUTPUT
SET #Retain = ##ERROR
IF #Status = 0 SET #Status = #Retain
IF #Status = 0 SET #Status = #Return
IF #Status = 0 EXECUTE #Return = sp_OAMethod #Fuse, 'CreateTextFile', #File OUTPUT, #PCWrite, -1
SET #Retain = ##ERROR
IF #Status = 0 SET #Status = #Retain
IF #Status = 0 SET #Status = #Return
IF #Status <> 0 GOTO ABORT
END
SET #DBAI = 'DECLARE Records CURSOR GLOBAL FAST_FORWARD FOR' + #DBAI
IF #Status = 0 EXECUTE (#DBAI+#DBAU+#DBAO) SET #Return = ##ERROR
IF #Status = 0 SET #Status = #Return
OPEN Records
SET #Retain = ##ERROR IF #Status = 0 SET #Status = #Retain
FETCH NEXT FROM Records INTO #Next
SET #Retain = ##ERROR IF #Status = 0 SET #Status = #Retain
-- Header.
SET #HeaderDone = 0
WHILE ##FETCH_STATUS = 0 AND #Status = 0
BEGIN
IF #PCWrite IS NOT NULL AND #DBUltra = 1
BEGIN
-- Write header (FILE).
IF (#Header = 1) and (#HeaderDone = 0)
BEGIN
SET #Save = #HeaderString + CHAR(13) + CHAR(10)
IF #Status = 0 EXECUTE #Return = sp_OAMethod #File, 'Write', NULL, #Save
SET #HeaderDone = 1
END
-- Write the data (FILE).
SET #Save = #Next + CHAR(13) + CHAR(10)
IF #Status = 0 EXECUTE #Return = sp_OAMethod #File, 'Write', NULL, #Save
IF #Status = 0 SET #Status = #Return
END
IF #PCWrite IS NULL
BEGIN
-- Print header (TEXT).
IF (#Header = 1) and (#HeaderDone = 0)
BEGIN
PRINT #HeaderString + CHAR(13) + CHAR(10)
SET #HeaderDone = 1
END
PRINT #Next
END
FETCH NEXT FROM Records INTO #Next
SET #Retain = ##ERROR IF #Status = 0 SET #Status = #Retain
END
CLOSE Records DEALLOCATE Records
-- Close output file (Ole Automation)
IF #PCWrite IS NOT NULL AND #DBUltra = 1
BEGIN
EXECUTE #Return = sp_OAMethod #File, 'Close', NULL
IF #Status = 0 SET #Status = #Return
EXECUTE #Return = sp_OADestroy #File
IF #Status = 0 SET #Status = #Return
EXECUTE #Return = sp_OADestroy #Fuse
IF #Status = 0 SET #Status = #Return
END
ABORT: -- This label is referenced when OLE automation fails.
IF #Status = 1 OR #Status NOT BETWEEN 0 AND 50000 RAISERROR ('SaveDelimitedColumns Windows Error [%d]', 16, 1, #Status)
SET #Task = 'IF EXISTS (SELECT * FROM tempdb.dbo.sysobjects WHERE name = ' + CHAR(39) + #DBAE + CHAR(39) + ') DROP TABLE ' + #DBAE
EXECUTE (#Task);
RETURN (#Status);
END;

Add the lines
SET #HeaderString = replace(#HeaderString, '[', '')
SET #HeaderString = replace(#HeaderString, ']', '')
right after the line
CLOSE Fields DEALLOCATE Fields

SELECT '['+C.name+']', C.colid, T.name, C.isnullable, C.iscomputed, C.length, C.prec, C.scale
Right there you added the [ ] to your column names, C.Name is the column name. Most times you can get away with not using the braces, unless your tables use reserved words for column names.
SELECT C.name, C.colid, T.name, C.isnullable, C.iscomputed, C.length, C.prec, C.scale
Alternatively you could trim them at the end, right after you CLOSE and DEALOCATE your Fields cursor, like this:
CLOSE Fields DEALLOCATE Fields
SET #HeaderString = replace(replace(#HeaderString, ']', ''), '[', '')

Multiple conditional Where clause

I currently have a query that will pull a bunch of information from my database based on whatever where condition that I want to use.
declare #CaseNum char(7),
#ImportId char,
#FormatId char,
#SessionId char(5)
set #CaseNum = '' --I can place the value that I want to search by in here
set #ImportId = ''
set #FormatId = ''
set #SessionId = ''
--------------------
query in here
--------------------
where
gr.[CaseNum] = #CaseNum --currently I have to comment the ones I'm not using out
--im.[ImportId] = #ImportId
--fr.[FormatId] = #FormatId
--se.[SessionId] = #SessionId
I want to be able to take the comment portion out and simply display all rows if the parameter = ''
For example if I use set #CaseNum = '1234567' then it will search by that parameter and if I use #FormatId = '12' it will search by that one.
I have tried using the following and a few other attempts but I am getting nowhere fast.
where
gr.[CaseNum] = '%' + #CaseNum + '%'
and im.[ImportId] = '%' + #ImportId + '%'
and fr.[FormatId] = '%' + #FormatId + '%'
and se.[SessionId] = '%' + #SessionId + '%'

With help from the link that #Norman posted I figured it out. I wanted to post my solution for others to see.
declare #CaseNum varchar(MAX),
#ImportId varchar(MAX)
set #CaseNum = ''
set #ImportId = ''
----------------------------------------------------------------------------
If(#CaseNum = '') --Sets the parameter to NULL for COALESCE to work
Begin
Select #CaseNum = NULL
End
If(#ImportId = '') --Sets the parameter to NULL for COALESCE to work
Begin
Select #ImportId = NULL
End
--------------------
query in here
--------------------
where
gr.[CaseNum] = COALESCE(#CaseNum, gr.[CaseNum])
and im.ImportId = COALESCE(#ImportId, im.ImportId)
This solution allows the query to use just a single parameter or all at the same time.

You might want to look into building your query.
DECLARE #Number varchar(10)
DECLARE #Where varchar(max)
DECLARE #Query varchar(max)
SET #Query = 'SELECT * FROM TestTable'
SET #Where = ''
SET #Number = '3'
IF ISNULL(#Number, '') != ''
BEGIN
SET #Where = #Where + 'and testNumber = ' + #Number
END
IF LEN(#Where) > 0
BEGIN
SET #Where = SUBSTRING(#Where, 4, LEN(#Where))
END
if ISNULL(#Where, '') != ''
BEGIN
SET #Query = #Query + ' WHERE ' + #Where
END
EXEC(#Query)
Check out this gentleman's article for reference: https://social.msdn.microsoft.com/forums/sqlserver/en-US/1ec6ddd9-754b-4d78-8d3a-2b4da90e85dc/dynamically-building-where-clauses

How to from query escaping comma and other special character in SQL Server stored procedure

I have a function which returns the comma separate values, but when I use
COALESCE(#Jiraids + ', ', '')
I get an error.
ALTER FUNCTION [dbo].[getCommonJiraIds](
#selct varchar(100),
#whereClause varchar(100),
#id varchar(100),
#TEST_RESULT_INFO_ID varchar(20) )
RETURNS varchar(max)
AS
BEGIN
DECLARE #Jiraids VARCHAR(8000)
DECLARE #sql varchar(max)
SET #whereClause = 'dbo.SNSTestResults.JIRA_ID <> '' AND dbo.SNSTestResults.'+#whereClause+ ''+ QUOTENAME(#id,'''') + 'AND dbo.SNSTestResults.Test_result_info_ID_FK LIKE '+QUOTENAME(#TEST_RESULT_INFO_ID,'''')
SET #sql = 'Select #Jiraids = COALESCE(#Jiraids + '', '', '') + case when (#selct LIKE Jira_ID_Maped) then Jira_ID_Maped else Jira_ID end
FROM dbo.TestCaseList INNER JOIN dbo.SNSTestResults ON dbo.TestCaseList.TestCaseListID = dbo.SNSTestResults.TestCaseListID_FK'
set #sql = #sql + #WhereClause
EXEC #sql
RETURN ( select #Jiraids);
END
When I execute the above function I got this error:
Msg 203, Level 16, State 2, Procedure GetDailyCrJiraTable, Line 159
The name 'Select #Jiraids =COALESCE(#Jiraids + ', ', ') + case when (#selct LIKE Jira_ID_Maped) then Jira_ID_Maped else Jira_ID end FROM dbo.TestCaseList INNER JOIN dbo.SNSTestResults ON dbo.TestCaseList.TestCaseListID = dbo.SNSTestResults.TestCaseListID_FKdbo.SNSTestResults.JIRA_ID <> ' AND dbo.SNSTestResults.Jira_ID_Maped'UIBUG-4533'AND dbo.SNSTestResu' is not a valid identifier.
Somebody please help me to fix this issue.

SET #whereClause = 'dbo.SNSTestResults.JIRA_ID <> '''' AND dbo.SNSTestResults.'+#whereClause+ ''+ QUOTENAME(#id,'''') + 'AND dbo.SNSTestResults.Test_result_info_ID_FK LIKE '+QUOTENAME(#TEST_RESULT_INFO_ID,'''')
you need more ' after dbo.SNSTestResults.JIRA_ID <>

You have to add more ' to your COALESCE function as below
Select #Jiraids = COALESCE(#Jiraids + '', '', '''')
and as I said in comment you have to change this dbo.SNSTestResults.JIRA_ID <> ''
to dbo.SNSTestResults.JIRA_ID <> '''' AND

ALTER FUNCTION [dbo].[getCommonJiraIds](
#selct varchar(100),
#whereClause varchar(100),
#id varchar(100),
#TEST_RESULT_INFO_ID varchar(20) )
-- your four inputs
RETURNS varchar(max)
AS
BEGIN
DECLARE #Jiraids VARCHAR(8000)
DECLARE #sql varchar(max)
SET #whereClause = 'dbo.SNSTestResults.JIRA_ID <> ''
AND dbo.SNSTestResults.'+#whereClause+ ''+ QUOTENAME(#id,'''')
+ 'AND dbo.SNSTestResults.Test_result_info_ID_FK LIKE '+QUOTENAME(#TEST_RESULT_INFO_ID,'''')
you do not know it yet, but your Query does not actually have a WHERE clause written in.
I hope you are not actually expecting the programmer to write extra
code in your function everytime it is used.
SET #sql = 'Select #Jiraids = COALESCE(#Jiraids + '', '', '') + case when (#selct LIKE Jira_ID_Maped) then Jira_ID_Maped else Jira_ID end
FROM dbo.TestCaseList INNER JOIN dbo.SNSTestResults ON dbo.TestCaseList.TestCaseListID = dbo.SNSTestResults.TestCaseListID_FK
Your #selct has not been correctly identified. SQL SERVER cannot know
at compile time that it is a #variable.
Also, are you sure your function will only return one row? In some cases, being explicit about the expected occurrence (should someone actually use a '%' in their PREDICATE) can prevent a future breakdown in the code.
set #sql = #sql + #WhereClause
EXEC #sql
Thankfully, SO exists to help people out. :D
A correct version could be like the following:
ALTER FUNCTION [dbo].[getCommonJiraIds](
#selct varchar(100),
#whereClause varchar(100),
#id varchar(100),
#TEST_RESULT_INFO_ID varchar(20) )
-- your four inputs
RETURNS varchar(max)
AS
BEGIN
DECLARE #Jiraids VARCHAR(8000)
DECLARE #sql varchar(max)
SET #sql = '
Select #Jiraids = TOP 1 COALESCE(#Jiraids + '', '', '') + CASE WHEN (' + #selct + ' = Jira_ID_Maped)
THEN Jira_ID_Maped
ELSE Jira_ID END
FROM dbo.TestCaseList
INNER JOIN dbo.SNSTestResults ON dbo.TestCaseList.TestCaseListID = dbo.SNSTestResults.TestCaseListID_FK'
SET #whereClause = 'WHERE dbo.SNSTestResults.JIRA_ID <> ''
AND dbo.SNSTestResults.'+#whereClause+ ''+ QUOTENAME(#id,'''')
+ 'AND dbo.SNSTestResults.Test_result_info_ID_FK LIKE '+QUOTENAME(#TEST_RESULT_INFO_ID, '')
set #sql = #sql + #WhereClause
EXEC #sql
RETURN ( select #Jiraids);
END

Invalid length parameter passed to the LEFT or SUBSTRING function

Following is my query and it works fine when I have like TRAILER_MAKE_MODEL 'testing ~ testing, test ~ testq,' ends with comma but can't handle 'testing ~ testing, test ~ testq' same as for other variable TRAILER_IDV. I tried my best but cant work it out any help would be appreciated.
My aim is to get the comma separated value for xml.
DECLARE #TRAILER_MAKE_MODEL VARCHAR(MAX)
DECLARE #TRAILER_IDV VARCHAR(MAX)
DECLARE #USER_TYPE VARCHAR(MAX)
DECLARE #START_INDEX_1 INT
DECLARE #START_INDEX_4 INT
DECLARE #END_INDEX_1 INT
DECLARE #END_INDEX_4 INT
DECLARE #VALUE VARCHAR(50)
DECLARE #QUERY VARCHAR(MAX)
set #TRAILER_MAKE_MODEL='testing ~ testing, test ~ testq,'
set #TRAILER_IDV='3500, 3400,'
set #USER_TYPE='MOBILE'
set #QUERY = ''
set #START_INDEX_1 = 1
set #START_INDEX_4 = 1
set #END_INDEX_1 = 0
if ISNULL(#TRAILER_MAKE_MODEL,'') <> ''
begin
WHILE #START_INDEX_1 > 0 and #START_INDEX_1 < len(#TRAILER_MAKE_MODEL)
BEGIN
SET #END_INDEX_1 = CHARINDEX(',',#TRAILER_MAKE_MODEL,#START_INDEX_1)
if #END_INDEX_1 = 0 and #START_INDEX_1 = 1
Begin
SET #END_INDEX_1 = len(#TRAILER_MAKE_MODEL)
END
if #USER_TYPE <> 'MOBILE'
Begin
SET #END_INDEX_1 = #END_INDEX_1 +1
End
SET #VALUE = SUBSTRING(#TRAILER_MAKE_MODEL,#START_INDEX_1,#END_INDEX_1 - #START_INDEX_1)
SET #QUERY = #QUERY + 'UNION ALL SELECT ''' + #VALUE + ''' TRAILER_MAKE_MODEL'
SET #END_INDEX_4 = CHARINDEX(',',#TRAILER_IDV,#START_INDEX_4)
if #END_INDEX_4 = 0 and #START_INDEX_4 = 1
Begin
SET #END_INDEX_4 = len(#TRAILER_IDV)
END
if #USER_TYPE <> 'MOBILE'
Begin
SET #END_INDEX_4 = #END_INDEX_4 +1
End
SET #VALUE = SUBSTRING(#TRAILER_IDV,#START_INDEX_4,#END_INDEX_4 - #START_INDEX_4)
SET #QUERY = #QUERY + ',' + #VALUE + 'TRAILER_IDV '
print #QUERY
SET #START_INDEX_1 = #END_INDEX_1 + 1
SET #START_INDEX_4 = #END_INDEX_4 + 1
END
select #QUERY=substring(#QUERY, 10, LEN(#QUERY) - 9)
EXEC (#QUERY)
END

You already have a lot of code here so two extra lines where you assign a comma at the end of each string should probably not slow things down for you or make the code less maintainable.
SET #TRAILER_MAKE_MODEL += ',';
SET #TRAILER_IDV += ',';
I don't really understand what your code does but to get the result you are getting you can use a split string function that returns the index of the item like this.
select T1.Item as TRAILER_MAKE_MODEL,
T2.Item as TRAILER_IDV
from dbo.SplitString(#TRAILER_MAKE_MODEL, ',') as T1
inner join dbo.SplitString(#TRAILER_IDV, ',') as T2
on T1.ItemNumber = T2.ItemNumber

SQL Server stored procedure

I want it to count then if #intcount > 0 it should show data or else no data found, but when I execute it gives me 'no data found' regardless, what am I doing wrong?
#FiscalYear int,
#SchoolID int,
#Status int
AS
BEGIN
SET NOCOUNT ON;
declare #sqlstr varchar(2000)
declare #intCount int
set #intCount = 0
set #sqlstr = 'Select #intCount = Count(*)
From PrivateSchool left outer join Attachment on Attachment.PrivateSchoolID = PrivateSchool.PrivateSchoolID
inner join FiscalYearPrivateSchool fp ON fp.PrivateSchoolID = PrivateSchool.PrivateSchoolID
Where (FiscalYear = '+convert(varchar, #FiscalYear)+') AND (PrivateSchool.IsActive = 1)'
IF (#SchoolID != -1)
SET #sqlstr = #sqlstr + ' AND SchoolID ='+ convert(varchar, #SchoolID)
IF (#Status = -1)
SET #sqlstr = #sqlstr + ' AND PrivateSchool.PrivateSchoolID = PrivateSchool.PrivateSchoolID'
Else IF (#Status = 1)
SET #sqlstr = #sqlstr + ' AND Attachment.PrivateSchoolID = PrivateSchool.PrivateSchoolID'
Else
SET #sqlstr = #sqlstr + ' AND Attachment.PrivateSchoolID is Null'
If (#intCount > 0)
BEGIN
set #sqlstr= 'Select SchoolName as School,
(Case when Attachment.PrivateSchoolID = PrivateSchool.PrivateSchoolID THEN ''Uploaded''
ELSE ''Not Uploaded'' END) AS Status,
COUNT(Attachment.PrivateSchoolID) AS [Count]
From PrivateSchool left outer join Attachment on Attachment.PrivateSchoolID = PrivateSchool.PrivateSchoolID
inner join FiscalYearPrivateSchool fp ON fp.PrivateSchoolID = PrivateSchool.PrivateSchoolID
Where (FiscalYear = '+convert(varchar, #FiscalYear)+') AND (PrivateSchool.IsActive = 1)'
IF (#SchoolID != -1)
SET #sqlstr = #sqlstr + ' AND SchoolID ='+ convert(varchar, #SchoolID)
IF (#Status = -1)
SET #sqlstr = #sqlstr + ' AND PrivateSchool.PrivateSchoolID = PrivateSchool.PrivateSchoolID'
Else IF (#Status = 1)
SET #sqlstr = #sqlstr + ' AND Attachment.PrivateSchoolID = PrivateSchool.PrivateSchoolID'
Else
SET #sqlstr = #sqlstr + ' AND Attachment.PrivateSchoolID is Null'
SET #sqlstr = #sqlstr + ' Group by SchoolName, Attachment.PrivateSchoolID, PrivateSchool.PrivateSchoolID'
SET #sqlstr = #sqlstr + ' Order By SchoolName'
EXEC(#sqlstr)
END
ELSE
Select 'No Data Found' as 'FileUpload'
END

You need:
EXEC sp_executesql #sqlstr, N'#intCount INT OUTPUT', #intCount = #intCount OUTPUT;
IF (#intCount > 0)
BEGIN
....
END
You'll also need to make #sqlstr NVARCHAR(2000) and add set it to N'SELECT ...' as opposed to 'SELECT ...' - that leading N can be important.

The problem is:
declare #intCount int
set #intCount = 0
...
<a bunch of code where #intcount doesn't change>
If (#intCount > 0)
It's always going to be 0.

Your issue is one of scope. The EXEC(#sqlstr) command doesn't have access to the #intcount variable in your stored procedure. I would bet if you ran this code in a query window, it would tell you to declare #intcount.
Listen to YUCK and rewrite this to avoid dynamic SQL, and then your SELECT will be able to set the #intcount variable.