I need to append below select query set with another set query based on condition
DECLARE #queryString VARCHAR(1000);
-- Insert statements for procedure here
Set #queryString ='SELECT
CASE
WHEN d.sno IS NOT NULL THEN 'y'
ELSE NULL
END
amendment_type,
u.user_login_id [User],
role_name [Role],
u.user_name [Name],
a.companyname +':<br>('+b.branch+')' [Agent/Branch],
u.last_login_pc+'('+u.ip_address+')<br> Login Time: '+cast(u.last_login AS varchar(50)) [Last Login],
u.lock_status [Lock/Unlock],
CASE
WHEN u.lock_status='y' THEN 'Locked - '+ u.lock_by
WHEN datediff(d,u.last_login,getdate())>u.lock_days
AND isnull(u.lock_days,0)>0 THEN 'Locked - Day Exceed'
WHEN u.active_session IS NULL
AND isnull(u.lock_status,'n')='n' THEN 'Not Login'
ELSE 'Active'
END
[Status],
u.*,
a.agentcan,
b.branch,
b.branchcodechar,
NULL branchcan
FROM agentsub u
JOIN agentbranchdetail b
ON u.agent_branch_code=b.agent_branch_code
JOIN agentdetail a
ON b.agentcode=a.agentcode
LEFT OUTER JOIN application_role_agent_user r
ON u.user_login_id=r.user_id
LEFT OUTER JOIN application_role p
ON r.role_id=p.role_id
LEFT OUTER JOIN agentsub_amendment d
ON d.agent_user_id=u.agent_user_id
WHERE 1=1'
IF (#loginId !=null)
BEGIN
SET #queryString =#queryString + 'and u.user_login_id like ('+ #loginId +')'
END
SET #queryString =#queryString +'order by u.user_login_id,a.companyname,b.branch'
EXEC #queryString
First... Your query as it stands (via notepad++) is 1,731 characters, so it wont fit into a varchar(1000)
Second... You need to address some escaping issues with your query; e.g.
WHEN d.sno IS NOT NULL THEN 'y'
should probably be
WHEN d.sno IS NOT NULL THEN ''y''
Third... google/investigate sp_executesql and parameters
Finally... as #Panagiotis Kanavos says, Don't concatenate anything (see Third...); you need to look up "sql injection"
#uberbloke is correct regarding query length.
EXEC sp_executesql with multiple parameters link give you solution for dynamic query to pass parameter values.
Please check below updated query code.
DECLARE #queryString NVARCHAR(MAX);
-- Insert statements for procedure here
Set #queryString =
'SELECT
CASE
WHEN d.sno IS NOT NULL THEN ''y''
ELSE NULL
END
amendment_type,
u.user_login_id [User],
role_name [Role],
u.user_name [Name],
a.companyname + '':<br>('' + b.branch) [Agent/Branch],
u.last_login_pc + ''('' + u.ip_address + '')<br> Login Time: '' + cast(u.last_login AS varchar(50)) + '' [Last Login],
u.lock_status [Lock/Unlock],
CASE
WHEN u.lock_status = ''y'' THEN ''Locked - '' + u.lock_by
WHEN datediff(d,u.last_login,getdate()) > u.lock_days AND (u.lock_days,0) > 0 THEN ''Locked - Day Exceed''
WHEN u.active_session IS NULL AND isnull(u.lock_status,''n'') = ''n'' THEN ''Not Login''
ELSE ''Active''
END [Status],
u.*,
a.agentcan,
b.branch,
b.branchcodechar,
NULL branchcan
FROM agentsub u
JOIN agentbranchdetail b ON u.agent_branch_code = b.agent_branch_code
JOIN agentdetail a ON b.agentcode = a.agentcode
LEFT OUTER JOIN application_role_agent_user r ON u.user_login_id = r.user_id
LEFT OUTER JOIN application_role p ON r.role_id = p.role_id
LEFT OUTER JOIN agentsub_amendment d ON d.agent_user_id = u.agent_user_id
WHERE 1 = 1 '
IF (#loginId !=null)
BEGIN
SET #queryString = #queryString + 'and u.user_login_id like ('+ #loginId + ')'
END
SET #queryString = #queryString + ' order by u.user_login_id,a.companyname,b.branch'
EXEC sp_executesql #queryString
I am getting below error:
I have a stored procedure to return results filtered by some parameter (all parameters are optional).
Sometimes I want to get results where condition1 AND condition2 are true, and sometimes when only one of conditions is true.
SELECT
*
FROM
ProductAndServices
WHERE
Title = ISNULL(#Title,Title) #AndOR
CreatedBy = ISNULL(#CreatedBy,CreatedBy)
You could introduce a variable/parameter that specifies if you want to use AND or OR logic with your fields and incorporate that parameter in your WHERE-clause as well.
Something like this, for example:
-- Declared a variable here, but might be a stored procedure parameter as well
DECLARE #And BIT = 1 -- When 0, WHERE uses OR; when 1, WHERE uses AND
SELECT
*
FROM
ProductAndServices
WHERE
(#And = 0 AND (Title = ISNULL(#Title, Title) OR CreatedBy = ISNULL(#CreatedBy, CreatedBy))) OR
(#And = 1 AND (Title = ISNULL(#Title, Title) AND CreatedBy = ISNULL(#CreatedBy, CreatedBy)))
OPTION (RECOMPILE)
Furthermore, I would avoid using functions like ISNULL in the WHERE-clause, because it might prevent the query optimizer to use indexes.
So instead of this:
Title = ISNULL(#Title, Title)
CreatedBy = ISNULL(#CreatedBy, CreatedBy)
I would use:
(#Title IS NULL OR Title = #Title)
(#CreatedBy IS NULL OR CreatedBy = #CreatedBy)
With this, the query would become:
SELECT
*
FROM
ProductAndServices
WHERE
(#And = 0 AND ((#Title IS NULL OR Title = #Title) OR (#CreatedBy IS NULL OR CreatedBy = #CreatedBy))) OR
(#And = 1 AND ((#Title IS NULL OR Title = #Title) AND (#CreatedBy IS NULL OR CreatedBy = #CreatedBy)))
OPTION (RECOMPILE)
So this latter query is longer and not as readable as the former query, but it should perform better. I think. I have not tested it. You might want to benchmark it with several datasets (and check out the corresponding execution plans) to be sure.
Edit:
Based on a tip by Marc Guillot, I added OPTION (RECOMPILE) to the query. You could check out the Query Hints documentation in Microsoft Docs for more info about it.
I also found the article Improving query performance with OPTION (RECOMPILE), Constant Folding and avoiding Parameter Sniffing issues by Robin Lester just now. Haven't read it completely yet, but after scanning it quickly, it looks like a good read to me.
You can try building dynamic T-SQL statement in your routine. It is a little more difficult to write and debug, but it will lead to more simple T-SQL statements being execute and from there - possibility for better performance. Here is an example:
DECLARE #Tittle VARCHAR(12)
,#CreatedBy VARCHAR(12)
,#AndOR VARCHAR(12)
SELECT #Tittle = 'Here comes the sun'
,#CreatedBy = 'Beatles'
,#AndOR = 'AND';
SELECT #Tittle = ISNULL(#Tittle, '')
,#CreatedBy = ISNULL(#CreatedBy, '')
,#AndOR = ISNULL(#AndOR, 'AND');
DECLARE #DynammicTSQLStatement NVARCHAR(MAX);
SET #DynammicTSQLStatement =N'
SELECT
*
FROM
ProductAndServices
WHERE ' + CASE WHEN #Tittle = '' THEN '' ELSE 'Title = ''' + #Tittle + '''' END
+ CASE WHEN #Tittle <> '' AND #CreatedBy <> '' THEN ' ' + #AndOR + ' CreatedBy = ''' + #CreatedBy + '''' ELSE '' END;
SELECT #DynammicTSQLStatement
EXEC sp_executesql #DynammicTSQLStatement;
Use if condition for your case:
GO
if (#Condtion)
Begin
SELECT * FROM ProductAndServices
WHERE
Title = ISNULL(#Title,Title) And
CreatedBy = ISNULL(#CreatedBy,CreatedBy)
End
Else
Begin
SELECT * FROM ProductAndServices
WHERE
Title = ISNULL(#Title,Title) OR
CreatedBy = ISNULL(#CreatedBy,CreatedBy)
End
I am sure you know your sometimes when you want to use AND and when to use OR.
The following query should do what you want,
SELECT *
FROM ProductAndServices
WHERE
(#Title IS NULL OR Title = #Title) AND
(#CreatedBy IS NULL OR CreatedBy = #CreatedBy)
Write as SQL Statement like below
DECLARE #str VARCHAR(max)=N'SELECT *
FROM ProductAndServices
WHERE Title='+ CASE WHEN #Tittle IS NULL THEN 'Title' ELSE '''' + #Tittle + '''' END
+ ' AND CreatedBy='+ CASE WHEN #CreatedBy IS NULL THEN 'CreatedBy' ELSE '''' + #CreatedBy + '''' END
PRINT #str;
I believe there are many StackOverflow posts related to this error, but none seems to have a straightforward solution which I am looking for. I'll be thankful if anyone of you can look into this.
The issue: I am using a dynamic sql stored procedure which uses FundTransfer Database tables in cte expression and then joins with WebbnkDb database.
But, I run into the exception mentioned in the title above. Everything works fine if I remove WITH EXECUTE AS SELF command but unfortunately I can't get rid of it as it is used for some security reasons. Please suggest me solution in easy words.
USE [WebBank]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[usp_naSearchV2_20131504]
#Debug BIT = 0,
#UserName varchar(50)=NULL, --This will be used to potentially limit the results per user & also for logging
#SSN char(9) = NULL,
#FName varchar(25) = NULL,
#LName varchar(30) = NULL,
#dtApplicationStart datetime = NULL,
#dtApplicationEnd datetime = NULL,
#CompanyName varchar(50) = NULL,
#DaysInTask int = NULL, --This will be how many days it's been in the current task...
#AcctNum varchar(11) = NULL,
#BranchNums varchar(1500) = NULL, --This will be passed to an IN. Don't enclose each in single quotes - for example, '45, 145, 1, 15'
#WorkflowID int = NULL, --1 = HSA, 2 = Personal, 3 = SEI
#OriginationID tinyint = NULL, --This comes from the Applicant record.
#QueueID int = NULL,
#TaskStageIDs varchar(500) = NULL, --Will be passed to an IN, so multiple TaskStageIDs can be passed.
#TaskIDs VARCHAR(1500)=NULL,
#DaysAged int = NULL, --Days since application was entered (not including time spent in approved/declined/open states)
#LastActivityStart datetime=NULL,
#LastActivityEnd datetime=NULL,
#SOAApplID int = NULL, --SEI ID
#Market VARCHAR(50) = NULL, --from luAffinityMarket
#IncludeSecondary bit=0,
#IncludeAliasName bit=0,
#EmailTypeIDs varchar(500) = NULL
WITH EXECUTE AS SELF --This is needed because we're using dynamic SQL & don't want to grant access to underlying tables.
AS
SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED
/*
** New Account - Search.
**
** This will be done in dynamic SQL. The reason is because when searching on multiple optional parameters,
** SQL cannot use indexes without using dynamic SQL. This makes the proc sssssslllllooooooooowwwwwwwwwww (when not using dynamic sql).
** See http://www.sommarskog.se/dyn-search-2005.html
**
** In addition to the basics (name, social, branch, product, "workflow"), also show Task, Queue, Check-Out info, etc
**
*/
/*
I have to create new version of this store procedure since we continue making changes to resolve helpdesk tickets and
for AOT Part 2. Some tables that we are going to use for AOT project part 2 will not be moved to production until 12/05/10.
New version will be called usp_naSearchV2 and will contain new tables for AOT Part 2
*/
--CAST(ROUND(ISNULL(cteAge.Age + 1, 0), 2) AS DECIMAL(8, 2)) AS DaysAged,
DECLARE #SQL nvarchar(max),#paramlist nvarchar(max)
DECLARE #SOASQL nvarchar(MAX)
SET #FName = '%' + #FName + '%'
SET #LName = '%' + #LName + '%'
SET #CompanyName = '%' + #CompanyName + '%'
SELECT #SQL = '
WITH
cteAutoApprove (AcctID, AutoApproved)
AS (
SELECT awt.AcctID, MIN(CAST(awt.autoEnter AS SMALLINT)) AS AutoApproved
FROM dbo.AccountWorkflowTask awt JOIN dbo.WorkflowTask wt ON awt.WorkflowTaskID = wt.WorkflowTaskID
WHERE (wt.TaskID IN (9, 17) AND ReasonIDExit = 1)
OR (wt.TaskID IN (209, 309, 409, 509, 609, 709, 809, 909) AND ReasonIDExit = 40)
--OR ReasonIDExit IN(216,202) OR ReasonIDEnter=215
or(wt.TaskID=201 and ReasonIDExit is NULL) GROUP BY awt.AcctID),
cteAge (AcctID, Age)
AS (SELECT AcctID, SUM(CASE WHEN t.TaskStageID IN (2, 3, 4) OR t.TaskID = 1 THEN 0 '--don''t count Pending Completion, Open, Approved, or Declined in age
+ 'ELSE DATEDIFF(minute, dtEnter, ISNULL(dtExit, GETDATE())) END) / 60 / 24.0 Age
FROM dbo.AccountWorkflowTask awt JOIN WorkflowTask wt ON awt.WorkflowTaskID = wt.WorkflowTaskID JOIN Task t ON wt.TaskID = t.TaskID
GROUP BY AcctID),
**cteFundingStatus(AcctID,FundingStatus,SourceAccountTypeDescription)
AS
(SELECT TransferStaging.AcctID,luTransferStatus.TransferStatusDesc, luAcctType.AcctTypeDesc from
FundsTransfer.dbo.TransferStaging
JOIN FundsTransfer.dbo.luTransferType ON luTransferType.TransferTypeID = TransferStaging.TransferTypeID
JOIN FundsTransfer.dbo.luAcctType ON luTransferType.SourceAcctTypeID = luAcctType.AcctTypeID
JOIN FundsTransfer.dbo.luTransferStatus ON luTransferStatus.TransferStatusID = TransferStaging.TransferStatusID),**
cteFulfillment(AcctID, Request, TemplateName)
AS
(SELECT ful.AcctID, CAST(Request AS NVARCHAR(max))Request, lt.TemplateName FROM dbo.fulfillment ful left join LetterRequest lr on lr.LetterID = ful.LetterID
LEFT JOIN luLetterTemplate lt ON lt.TemplateID = lr.TemplateID
WHERE (Request IS NOT NULL OR ful.LetterID IS NOT NULL) AND FulfillmentID=(SELECT MAX(FulfillmentID) FROM fulfillment sub WHERE ful.AcctID=sub.AcctID AND (Request IS NOT NULL OR LetterID IS NOT NULL)) ),
cteNote(AcctID,userEntered,dtEntered,Note,NoteReasonDesc,ReasonCode,NoteReasonID)
as
(SELECT AcctID,userEntered,dtEntered,Note,NoteReasonDesc,ReasonCode,n.NoteReasonID FROM note n JOIN
dbo.luNoteReason lu ON lu.NoteReasonID=n.NoteReasonID WHERE '
IF #EmailTypeIDs IS NOT NULL
SELECT #SQL=#SQL+' n.NoteReasonID IN (' + #EmailTypeIDs + ') AND '
SELECT #SQL=#SQL+ ' dtEntered=(SELECT MAX(dtEntered)FROM note sub WHERE sub.AcctId=n.AcctID '
IF #EmailTypeIDs IS NOT NULL
SELECT #SQL=#SQL+ ' AND sub.NoteReasonID IN (' + #EmailTypeIDs + ')'
SELECT #SQL=#SQL+')) '
SELECT #SQL=#SQL+'SELECT a.ApplID, acct.AcctID, acct.dtApplication, ai.FName, ai.MName, ai.LName, ai.SSN, a.Email, ao.CompanyName,'
SELECT #SQL=#SQL+'ao.DBAName, ao.TaxID, acct.AcctNum, acct.AcctAffinityNum, luA.AffinityNum, luA.AffinityName, t.TaskDesc, awt.dtEnter,'
SELECT #SQL=#SQL+'DATEDIFF(day, awt.dtEnter, GETDATE()) + 1 DaysInTask, q.QueueDesc, w.WorkflowID, w.WorkflowDesc,'
SELECT #SQL=#SQL+'luO.OriginationID, luO.OriginationDesc, aco.dtCheckOut, aco.UserCheckOut, aco.GUIDCheckout, lts.TaskStageDesc,'
SELECT #SQL=#SQL+'DATEDIFF(day, acct.dtApplication, GETDATE()) + 1 DaysAgedOld,CAST(ROUND(ISNULL(cteAge.Age + 1, 0), 2) AS int) AS DaysAged,'
SELECT #SQL=#SQL+'asa.SOAApplID, case when (w.WorkflowID=1 and luO.OriginationID=4) then ''Low''when luO.OriginationID=9 then ''Low'''
SELECT #SQL=#SQL+'else''High'' end as RiskType, awt.userEnter, awt.dtEnter, case when cteAutoApprove.AutoApproved=1 then ''Automated'''
SELECT #SQL=#SQL+'when cteAutoApprove.AutoApproved=0 then ''Manual'' else '''' end as DecisionType,acctLam.Market,ful.Request,ful.TemplateName,fun.SourceAccountTypeDescription,fun.FundingStatus, acct.BrokerCode,
COALESCE(ai.SSN, ao.TAXID) as TIN, case when bup.BusPurposeDesc like ''%Other%'' then ao.BusPurposeOther else bup.BusPurposeDesc end as BusPurpose
,note.Note,note.NoteReasonDesc,note.ReasonCode,aa.RelationshipCode,luRel.RelationshipCodeDesc, Addr.Address1, Addr.Address2, Addr.City, Addr.State, Addr.Zip FROM dbo.Applicant a JOIN dbo.APPLICANTACCOUNT aa ON a.ApplID = aa.ApplID '
IF #IncludeSecondary=0
SELECT #SQL=#SQL+' AND aa.RelationshipCode = ''000'' '
SELECT #SQL=#SQL+'LEFT JOIN dbo.ApplicantIndiv ai ON a.ApplID = ai.ApplID LEFT JOIN dbo.ApplicantOrg ao ON a.ApplID = ao.ApplID JOIN dbo.AFFINITYGROUP ag ON a.AffGroupID = ag.AffGroupID JOIN dbo.luAffinity luA ON ag.AffinityID = luA.AffinityID
JOIN dbo.Account acct ON aa.AcctID = acct.AcctID JOIN dbo.AccountWorkflowTask awt ON acct.AcctID = awt.AcctID AND awt.dtExit IS NULL --join to current AccountWorkflowTask
JOIN dbo.WorkflowTask wt ON awt.WorkflowTaskID = wt.WorkflowTaskID JOIN dbo.Task t ON wt.TaskID = t.TaskID
JOIN dbo.Workflow w ON wt.WorkflowID = w.WorkflowID JOIN dbo.luTaskStage lts ON t.TaskStageID = lts.TaskStageID
LEFT JOIN dbo.Queue q ON t.QueueID = q.QueueID LEFT JOIN dbo.luOrigination luO on a.OriginationID = luO.OriginationID
LEFT JOIN dbo.accountCheckOut aco ON acct.AcctID = aco.AcctID AND aco.dtCheckIn IS NULL LEFT JOIN AccountSOAApplication asa ON acct.AcctID = asa.AcctID
LEFT JOIN cteAutoApprove on cteAutoApprove.AcctID = acct.AcctID LEFT JOIN cteAge ON cteAge.AcctID = acct.AcctID
LEFT JOIN luAffinityMarket lam ON CAST(luA.AffinityNum AS INT) = CAST(lam.BRNCH_NBR AS INT) LEFT JOIN luAffinityMarket acctLam ON acct.AcctAffinityNum = CAST(acctLam.BRNCH_NBR AS INT)
LEFT JOIN cteFulfillment ful on acct.AcctID=ful.AcctID
left Join **cteFundingStatus** fun on fun.AcctID=acct.AcctID
left Join luBusPurpose bup on bup.BusPurposeID=ao.BusPurposeID
Left join cteNote note on acct.AcctID=note.AcctID
left join luRelationshipCode luRel on aa.RelationshipCode=luRel.RelationshipCode
LEFT JOIN Address Addr ON Addr.ApplID = aa.ApplID AND Addr.AddrTypeID = 1
WHERE 1 = 1 ' --this is in here so that the following statements in the WHERE clause can start with "AND (...)".
-- IF #debug = 1 PRINT LEN(#SQL) v_AOTInitialAccountFunding
--SELECT #SQL = REPLACE(#SQL, CHAR(9), '') --remove tabs to save string size
IF #debug = 1 PRINT LEN(#SQL)
IF #SSN IS NOT NULL
SELECT #sql = #sql + ' AND (ai.SSN = #xSSN OR REPLACE(ao.TaxID, ''-'', '''') = #xSSN)'
IF #IncludeAliasName <>1 AND #FName IS NOT NULL
SELECT #sql = #sql + ' AND (ai.FName LIKE #xFName)'
IF #IncludeAliasName <>1 AND #LName IS NOT NULL
SELECT #sql = #sql + ' AND (ai.LName LIKE #xLName)'
IF #IncludeAliasName <>0 AND #FName IS NOT NULL
SELECT #sql = #sql + ' AND (ai.AliasFName LIKE #xFName OR ai.FName LIKE #xFName)'
IF #IncludeAliasName <>0 AND #LName IS NOT NULL
SELECT #sql = #sql + ' AND (ai.AliasLName LIKE #xLName OR ai.LName LIKE #xLName)'
IF #dtApplicationStart IS NOT NULL
SELECT #sql = #sql + ' AND (CONVERT(char(10), acct.dtApplication, 101) >= #xdtApplicationStart)'
IF #dtApplicationEnd IS NOT NULL
SELECT #sql = #sql + ' AND (CONVERT(char(10), acct.dtApplication, 101) <= #xdtApplicationEnd)'
IF #CompanyName IS NOT NULL
SELECT #sql = #sql + ' AND (ao.CompanyName LIKE #xCompanyName)'
IF #DaysInTask IS NOT NULL
SELECT #sql = #sql + ' AND (DATEDIFF(day, awt.dtEnter, GETDATE()) >= #xDaysInTask)'
IF #AcctNum IS NOT NULL
SELECT #sql = #sql + ' AND (acct.AcctNum LIKE #xAcctNum)'
IF #BranchNums IS NOT NULL
--Can't use a parameter of the executesql for the list of affinity numbers.
SELECT #sql = #sql + ' AND (acct.AcctAffinityNum IN (' + #BranchNums + ') OR luA.AffinityNum IN (' + #BranchNums + '))'
IF #WorkflowID IS NOT NULL
SELECT #sql = #sql + ' AND (w.WorkflowID = #xWorkflowID)'
IF #OriginationID IS NOT NULL
SELECT #sql = #sql + ' AND (a.OriginationID = #xOriginationID)'
IF #QueueID IS NOT NULL
SELECT #sql = #sql + ' AND (t.QueueID = #xQueueID)'
IF #TaskStageIDs IS NOT NULL
--Can't use a parameter of the executesql for the list of affinity numbers.
SELECT #sql = #sql + ' AND (lts.TaskStageID IN (' + #TaskStageIDs + '))'
IF #TaskIDs IS NOT NULL
--Can't use a parameter of the executesql for the list of affinity numbers.
SELECT #sql = #sql + ' AND (t.TaskID IN (' + #TaskIDs + '))'
IF #DaysAged IS NOT NULL
SELECT #sql = #sql + ' AND ISNULL(cteAge.Age + 1, 0) <= #xDaysAged'
--SELECT #sql = #sql + ' AND (DATEDIFF(day, acct.dtApplication, GETDATE()) + 1 = #xDaysAged)'
IF #LastActivityStart IS NOT NULL
SELECT #sql = #sql + ' AND (CONVERT(char(10), awt.dtEnter, 101) >= #xLastActivityStart)'
IF #LastActivityEnd IS NOT NULL
SELECT #sql = #sql + ' AND (CONVERT(char(10), awt.dtEnter, 101) <= #xLastActivityEnd)'
IF #Market IS NOT NULL
SELECT #sql = #sql + ' AND (lam.Market = #xMarket OR acctLam.Market = #xMarket)'
IF #EmailTypeIDs IS NOT NULL
SELECT #sql = #sql + ' AND (note.NoteReasonID IN (' + #EmailTypeIDs + '))'
IF #SOAApplID IS NOT NULL
SELECT #sql = #sql + ' AND asa.SOAApplID = #xSOAApplID UNION
SELECT NULL ApplID, NULL AcctID, sa.dtAdded dtApplication, sap.FName, sap.MName, sap.LName, sap.SSN, sap.Email, NULL CompanyName,NULL DBAName,
NULL TaxID, NULL AcctNum, 145 AcctAffinityNum, ''145'' AffinityNum, luA.AffinityName, NULL TaskDesc, NULL dtEnter,
NULL DaysInTask, NULL QueueDesc, NULL WorkflowID, ''SEI Online App'' WorkflowDesc,NULL OriginationID, NULL OriginationDesc, NULL dtCheckOut,
NULL UserCheckOut, NULL GUIDCheckout, NULL TaskStageDesc,
0, DATEDIFF(day, sa.dtAdded, GETDATE()) + 1 DaysAged, sa.SOAApplID,'' '', '' '', '' '' dtEnter, '' ''DecisionType,'' '' Market,
'' ''Request,'' ''SourceAccountTypeDescription,'' ''FundingStatus,'' ''BrokerCode, '' ''TIN,'' ''BusPurpose,'' ''Note,'' ''t,
'' ''t1,'' '' RelationshipCode, '' '' RelationshipCodeDesc FROM SOAApplication sa LEFT JOIN AccountSOAApplication asa
ON sa.SOAApplID = asa.SOAApplID JOIN SOAApplicant sap ON sa.SOAApplID = sap.SOAApplID JOIN luAffinity luA ON luA.AffinityNum = ''145''
WHERE asa.SOAApplID IS NULL AND sa.SOAApplID = #xSOAApplID AND sap.PrimaryContact = 1'
IF #debug = 1
PRINT #sql
IF #debug = 1
PRINT #sql
SELECT #paramlist =
'#xSSN char(9),
#xFName varchar(25),
#xLName varchar(30),
#xdtApplicationStart datetime,
#xdtApplicationEnd datetime,
#xCompanyName varchar(50),
#xDaysInTask int,
#xAcctNum varchar(11),
#xWorkflowID int,
#xOriginationID tinyint,
#xQueueID int,
#xDaysAged int,
#xMarket varchar(50),
#xSOAApplID int,
#xLastActivityStart datetime,
#xLastActivityEnd datetime'
IF #Debug = 1 PRINT LEN(#SQL)
EXEC sp_executesql #sql, #paramlist,
#SSN,
#FName,
#LName,
#dtApplicationStart,
#dtApplicationEnd,
#CompanyName,
#DaysInTask,
#AcctNum,
#WorkflowID,
#OriginationID,
#QueueID,
#DaysAged,
#Market,
#SOAApplID,
#LastActivityStart,
#LastActivityEnd
So when you add EXECUTE AS SELF to a procedure, it's the same as saying "Execute this procedure as though the person who created it is running it". So whoever deploys the procedure (under whatever principal account) is the one that will be the basis for what the procedure uses.
I'm presuming that your deployment strategy is to have an administrator run the CREATE/ALTER steps using the sa account. Your DBAs are probably following best practice and not having the sa account own the databases on the server (and possibly not have read access at all), so you get the security error.
Given all that, in your current situation, you're probably not going to use EXECUTE AS SELF, or at least I suspect so. In terms of when you would want to use it in a more general sense, it's hard to give a blanket answer. Short version is if you have a situation where you ("you" being a principal you can log in as) need to run an object at your level of permissions rather than whatever permissions the caller has.
I have a stored procedure. In this stored procedure I have to check that a particular parameter is not null. How can I do this? I wrote this:
ALTER PROCEDURE [dbo].[GetReelListings]
#locationUrlIdentifier VARCHAR(100)
AS
BEGIN
SET NOCOUNT ON;
declare #Sql varchar(max)=''
SET #Sql = 'SELECT CategoryName, CategoryUrlIdentifier, LocationUrlIdentifier, Directory.* FROM (SELECT ROW_NUMBER() OVER (PARTITION BY Category.Name ORDER BY CASE WHEN '''+ #locationUrlIdentifier + ''' = Location.UrlIdentifier THEN 1 ELSE CASE WHEN ''' + #locationUrlIdentifier + ''' IS NULL AND Directory.LocationId IS NULL THEN 0 ELSE 2 END END, Directory.SortOrder ) AS ''RowNo'', Category.Name AS CategoryName, Category.UrlIdentifier AS CategoryUrlIdentifier, dbo.Location.UrlIdentifier AS LocationUrlIdentifier, Directory.DirectoryId, CASE WHEN ''' + #locationUrlIdentifier + ''' = Location.UrlIdentifier THEN 1 ELSE CASE WHEN ''' + #locationUrlIdentifier + ''' IS NULL AND Directory.LocationId IS NULL THEN 0 ELSE 2 END END AS CategoryOrder FROM dbo.Directory INNER JOIN dbo.Category ON Directory.CategoryId = Category.CategoryId LEFT OUTER JOIN dbo.Location ON dbo.Directory.LocationId = location.Location_ID ) AS content INNER JOIN dbo.Directory ON content.DirectoryId = Directory.DirectoryId WHERE content.RowNo =1 '
if (#locationUrlIdentifier is null)
begin
SET #Sql = #Sql + ' and 1=1'
end
else
begin
SET #Sql = #Sql + ' and CategoryOrder = 1 '
end
print #SQl
EXECUTE (#Sql)
END
This will work in SQL but this will return a null Dataset in Codebehind.
Whenever you join strings and NULLs together, the result is NULL. By the time you're asking about whether the variable is NULL, you've already done this:
' + #locationUrlIdentifier + '
Several times. If it's NULL, so will #Sql be.
You might want to consider using COALESCE to replace the NULL with a suitable replacement (e.g. an empty string):
' + COALESCE(#locationUrlIdentifier,'') + '
You also still have a logic error on your final construction. If the variable is NULL, you'll have a where clause saying:
WHERE content.RowNo =1 1=1
Which isn't valid. I don't think you should be appending anything.
I'm also not clear on why you're doing this as dynamic SQL. The below seems to be an equivalent query which can be executed directly:
SELECT
CategoryName,
CategoryUrlIdentifier,
LocationUrlIdentifier,
Directory.*
FROM
(SELECT
ROW_NUMBER() OVER (
PARTITION BY Category.Name ORDER BY
CASE
WHEN #locationUrlIdentifier = Location.UrlIdentifier THEN 1
WHEN #locationUrlIdentifier IS NULL AND Directory.LocationId IS NULL THEN 0
ELSE 2
END,
Directory.SortOrder
) AS RowNo,
Category.Name AS CategoryName,
Category.UrlIdentifier AS CategoryUrlIdentifier,
dbo.Location.UrlIdentifier AS LocationUrlIdentifier,
Directory.DirectoryId,
CASE
WHEN #locationUrlIdentifier = Location.UrlIdentifier THEN 1
WHEN #locationUrlIdentifier IS NULL AND Directory.LocationId IS NULL THEN 0
ELSE 2
END AS CategoryOrder
FROM
dbo.Directory
INNER JOIN
dbo.Category
ON
Directory.CategoryId = Category.CategoryId
LEFT OUTER JOIN
dbo.Location
ON
dbo.Directory.LocationId = location.Location_ID
) AS content
INNER JOIN
dbo.Directory
ON
content.DirectoryId = Directory.DirectoryId
WHERE
content.RowNo =1 and
(#locationUrlIdentifier or CategoryOrder = 1)
You can do it just in ONE query:
Select Query ...where ...
and ((#locationUrlIdentifier is null) or (CategoryOrder = 1))
You can use NULLIF instead of IS NULL
Refer : Check if a parameter is null or empty in a stored procedure
http://msdn.microsoft.com/en-us/library/ms177562.aspx
Alternatively you can use ISNULL() check and then change the null to empty string
IF (ISNULL(#locationUrlIdentifier,'') = '')
OR even before this check you can use ISNULL() to convert from NULL to empty string if it persists to be a problem