Must declare the scalar variable error SQL - sql

I have this SQL statement, but i have error Must declare the scalar variable "#InputPath"
IF OBJECT_ID('DBO.SP_INSERT_REQUESTS') IS NULL BEGIN
EXEC('CREATE PROCEDURE DBO.SP_INSERT_REQUESTS AS RETURN')
GRANT EXECUTE ON DBO.SP_INSERT_REQUESTS TO PUBLIC
END
GO
ALTER PROCEDURE DBO.SP_INSERT_REQUESTS
#Name NVARCHAR(512),
#Code NVARCHAR(50),
#InputPath NVARCHAR(2000),
#OutputPath NVARCHAR(2000)
AS
GO
SET QUOTED_IDENTIFIER OFF
--DECLARE #InputPath varchar(2000) = "c:\MyDoc1.xsd"
DECLARE #InputValue XML
--DECLARE #OutputPath varchar(2000) = "c:\MyDoc2.xsd"
DECLARE #OutputValue XML
DECLARE #QUERY NVARCHAR(4000) SET #QUERY = "
SELECT #InputValue = InputExample.BulkColumn
FROM OPENROWSET (BULK '"+#InputPath+"', SINGLE_BLOB) AS InputExample;
SELECT #OutputValue = InputExample.BulkColumn
FROM OPENROWSET (BULK '"+#OutputPath+"', SINGLE_BLOB) AS InputExample;
"
EXEC SP_EXECUTESQL #QUERY, N'#InputValue XML out, #OutputValue XML out', #InputValue out, #OutputValue out
INSERT INTO MyTable(Name, Code, Input, Output)
VALUES('value1', 'value2' , #InputValue, #OutputValue)
I have declared the parameters, so I don't understand why I am getting the error.

Remove the GO which is between 'AS' and 'SET QUOTED_IDENTIFIER OFF'. The problem is that you declare the variable in a different batch.

Dynamic sql runs in a different session and therefore variables defined outside the dynamic query will not be available to the dynamic query DEMO - HERE.
Then again, if you declare them within the dynamic query, they won't be available outside the query. DEMO - HERE
I can see why you using dynamic sql as you cannot pass parameter to openrowset. I think you could do something like this to over come the issue. DEMO

Related

Query that saves data in a variable

I am writing an SP in SQL SERVER, and I need one of the steps to execute a query that comes with data from another variable and save that result in another variable for later use in SP. The code I am using displays the following error:
Procedure expects parameter '#handle' of type 'int'.
DECLARE #retorno INT, #sql NVARCHAR(4000), #parametro NVARCHAR(4000), #caminho NVARCHAR(4000)
SET #caminho = '\\arquivos\CÉLULA DE INOVAÇÃO\SQL\19072019.CSV'
SET #parametro = N'#retornoOut INT OUTPUT'
SET #sql = 'SELECT TOP 1 SUBSTRING(RIGHT('''+#caminho+''',12),1,8)'
PRINT #SQL
EXEC sp_execute #sql, #parametro, #retornoOut=#retorno OUTPUT;
The purpose of the code is from a file passed by the user, I can get the name from the given path. I don't know what could be wrong with id.
The problem is that youre using sp_execute , when you should use sp_executesql
this works fine
DECLARE #retorno INT, #sql NVARCHAR(4000), #parametro NVARCHAR(4000), #caminho NVARCHAR(4000)
SET #caminho = '\\arquivos\CÉLULA DE INOVAÇÃO\SQL\19072019.CSV'
SET #parametro = N'#retornoOut INT OUTPUT'
SET #sql = 'SELECT TOP 1 SUBSTRING(RIGHT('''+#caminho+''',12),1,8)'
PRINT #SQL
EXEC sp_executesql #sql, #parametro, #retornoOut=#retorno OUTPUT;
You don't need to use dynamic SQL for this. You can just use set or a simple select:
Using set:
SET #retorno = SUBSTRING(RIGHT(#caminho,12),1,8)
Using select:
SELECT #retorno = SUBSTRING(RIGHT(#caminho,12),1,8)

Execute openrowset stored procedure, parameter use

Little bit of background information:
I have a stored procedure, lets call it SP1. SP1 calls another stored procedure: SP2. SP2 calls another stored procedure: SP3.
Now, the first stored procedure (SP1) returns a resultset. The resultset are parameters for SP2, this is done with a cursor.
Because of these nested inserts and executes, i have to use an openrowset dynamic SQL string to execute my stored procedures.
This is my query:
DECLARE #P_Source varchar(255) = 'test'
DECLARE #P_Location varchar(255) = 'test'
DECLARE #sql varchar(max)
SET #sql = 'INSERT INTO #tmp
SELECT *
FROM OPENROWSET (
''SQLOLEDB'',
''Server=(local);TRUSTED_CONNECTION=YES;'',
''set fmtonly off
EXECUTE dbo.SP1
#P_Source = '''''+#P_Source+'''''''
,#P_Location = '''''+#P_Location+'''''''
)'
exec(#sql)
(I have ofcourse created the table #tmp). I have more parameters to be exact (12), all varchar, but I left them out to not make it messy.
I'm getting the following error
Msg 102, Level 15, State 1, Line 12
Incorrect syntax near ','.
am I using the openrowset command in the correct way with the corresponding procedure parameters?
All those quotes get confusing. By doing select #sql prior to the exec you can see what SQL Server is going to try and do. Based on the query you've provided #sql currently contains:
INSERT INTO #tmp
SELECT *
FROM OPENROWSET (
'SQLOLEDB',
'Server=(local);TRUSTED_CONNECTION=YES;',
'set fmtonly off
EXECUTE dbo.SP1
#P_Source = ''test'''
,#P_Location = ''test'''
)
To help you build up to the final solution you could try having a dummy SP1 that takes two numeric parameters - that'll eliminate some quotes for you to worry about. Once you have that working you can proceed to add string parameters until you get what you want.
For sql linked server use OPENQUERY
https://learn.microsoft.com/en-us/sql/t-sql/functions/openquery-transact-sql
and sp_executesql
DECLARE #P_Source varchar(255) = 'test'
DECLARE #P_Location varchar(255) = 'test'
DECLARE #SQL NVARCHAR(MAX) = '',
#QUERY NVARCHAR(MAX) = '',
#Params NVARCHAR(500) = N'DECLARE #P_Source VARCHAR(255),#P_Location VARCHAR(255); ',
#ParamsValue NVARCHAR(500) = N'SELECT #P_Source = '''''+#P_Source+''''', #P_Location = '''''+#P_Location+''''';'
SET #Query = N'set fmtonly off; EXECUTE dbo.SP1 #P_Source, #P_Location'
SET #SQL = 'SELECT * FROM OPENQUERY([Local],'' sys.sp_executesql ' + #Params + #ParamsValue + #Query +''' )'
INSERT INTO #Tmp
EXEC (#SQL)

Execute Stored Procedure from Stored Procedure w/ dynamic SQL capturing output

Inside a stored procedure (A) I need to call a stored procedure (X) inside a specific database and capture the output. X returns a single value.
From what I understand I need to provide the DB name of X to the stored procedure in A and I need to use dynamic SQL to build the query on execution targeting the desired database.
What am unable to figure out is how to capture output from X in A to work with the result.
You could use sp_executesql to dynamically call your nested Stored Procedure.
DECLARE #db AS SYSNAME
DECLARE #return_value AS INT
DECLARE #output_value AS INT
DECLARE #sql AS NVARCHAR(MAX)
-- Set your DB name
SET #db = N'mydb'
/*
Use sp_executesql to dynamically pass in the db and stored procedure
to execute while also defining the values and assigning to local variables.
*/
SET #sql = N'EXEC #rtn = ' + #db + '.dbo.[your_stored_procedure] #output OUTPUT'
EXEC sp_executesql #sql
, N'#rtn AS INT, #output AS INT OUTPUT'
, #return_value = #rtn
, #output_value = #output OUTPUT
Adding to the above answer, following is the way to call stored procedures dynamically by passing parameters.
DECLARE #SpName VARCHAR(1000)
SELECT #SpName = DeleteLiveSP FROM dbo.ArchivalInfo (NOLOCK) WHERE TableName = #TableName
DECLARE #SqlString nvarchar(2000)
DECLARE #ParamDef nvarchar(2000)
SET #SqlString = N'exec '+#SpName + ' #CriteriaParam'
SET #ParamDef = N'#CriteriaParam XML'
EXECUTE sp_executesql #SqlString ,#ParamDef, #CriteriaParam = #Criteria

Procedure to insert Xml Into Sql Server -- Must Declare Scalar Variable

I am using the below procedure to try and insert xml via the filepath into a xml column. I am getting an error must declare scalar variable for ForeignId. Is there a better way of doing what I am trying to do, or am I on the right path?
Here is the procedure
ALTER PROC [dbo].[InsertXml] #path nvarchar(100)
,#ForeignId uniqueidentifier
AS
BEGIN
SET NOCOUNT ON
DECLARE #SQL nvarchar(4000) =
'INSERT INTO XmlTable(XmlId
, ForeignId
, TestXml)
SELECT NEWID()
, #ForeignId
,* FROM OPENROWSET(
BULK ''' + #path + ''',
SINGLE_BLOB) AS x;'
EXECUTE(#SQL);
RETURN ##ERROR;
END
When you're executing the SQL statement using EXECUTE(SQL) it has no access to the #ForeignId value
One way to solve this is to use sp_excuteSQL and do this instead of EXECUTE(#SQL);
DECLARE #ParmDefinition nvarchar(500);
SET #ParmDefinition = N'#ForeignId uniqueidentifier';
EXECUTE sp_executesql #SQL, #ParmDefinition, #ForeignId ;
You could also just concatenate the #ForeignId to your sql string but I can't recall if there are issues with that when using a uniqueidentifier

Using variable inside dynamic SQL

I have the below SQL..What I am trying to do is use the Parameter defined at the stored procedure level inside dynamic SQL:
CREATE PROCEDURE [dbo].[Test]
(#DealID NVARCHAR(500),
#OUTPUT NVARCHAR(MAX) OUTPUT,
#FeeType CHAR(1)
) -- I want to use this parameter inside dynamic SQL query
AS
DECLARE #exec_str NVARCHAR(MAX)
DECLARE #ParmDefinition NVARCHAR(MAX)
BEGIN
SET #exec_str = N'DECLARE #ParmDefinition NVARCHAR(500)
SELECT * FROM #FeeType' --This is where I want to use the variable
DECLARE #ParamDefinition nvarchar(max)
SET #ParamDefinition = N'#OUTPUT NVARCHAR(MAX) OUTPUT'
EXEC sp_executesql #exec_str, #ParamDefinition
Can someone please tell me how to do it?
Thanks
In SQL Server Identifiers can't be parameterized.
Since you are using dynamic SQL anyway, you can do something like this:
SET #exec_str= N'Select * from '+ #FeeType
EXEC(#exec_str)
However, this is vulnerable to SQL injection attacks. To reduce the risk to minimum you should check first that such a table name exists, and I would also use quotename just to be on the safe side:
IF EXISTS
(
SELECT 1
FROM Information_Schema.Tables
WHERE TABLE_NAME = #FeeType
)
BEGIN
SET #exec_str= N'Select * from '+ QUOTENAME(#FeeType)
EXEC(#exec_str)
END