SET #sql = 'Declare ChildTableMigrator CURSOR FOR select ['+#FieldName+'] , ['+#FieldName+'Alias] from [' + #SourceTable + '].[dbo].[Port] where [' + #SourceTable + '].[dbo].[Port].[' + #FieldName + '] IS NOT NULL AND [' + #SourceTable + '].[dbo].[Port].[' + #FieldName + '] !='''
PRINT #sql
exec sp_executesql #sql
Hi,
How to check NULL and EMPTY with a sql dynamic query ? , as per EMPTY check
#FieldName + '] !='''
it thorws the error
Unclosed quotation mark after the character string ''.
How to overcome this ?
You need to replace
#FieldName + '] !='''
with
#FieldName + '] !='''''.
Quotation marks need to be escaped when used inside a string. In your original statement, you escaped only one quotation mark resulting in a string with only one quotation mark.
But you could do even better by using parametrized sql
#FieldName + '] !=#EmptyField
exec sp_executesql #sql, N'#EmptyField VARCHAR(32)', ''
use if() judge .for example
set #sql="Declare ChildTableMigrator CURSOR FOR select "
if(#FieldName!=null)
begin
set #sql=#sql+"['"+#FieldName+"']";
end
.....
PRINT #sql
exec sp_executesql #sql
Related
I have this problem. I have this query in which I used to model a stored procedure and I want to get the value in the column clr_bal_amt. I want it to return as a string from the database column.
However it does not return it. The query executes, but it does not get the value in that column.
The stored procedure looks like this
CREATE PROCEDURE FindBranchVaultBalance
#sol_id varchar(50),
#acct_crncy_code varchar(50)
AS
DECLARE #query nvarchar(max) = N'
select foracid, acct_crncy_code, clr_bal_amt
from dummy_table
where bacid = ''1010000001'' and sol_id = ' + QUOTENAME(#sol_id, '''') + N' and
acct_crncy_code = ' + QUOTENAME(#acct_crncy_code, '''') + N' and
del_flg = ''N'' and acct_cls_flg = ''N''
';
DECLARE #sql nvarchar(max) = N'
SELECT *
FROM OPENQUERY (LINKEDSERVER, N' + QUOTENAME(#query, '''') + N' )
';
EXEC sp_executesql #sql;
GO
I need some form of clarification. Why did this not return that value in that clr_bal_amt column?
Edited
The SQL is looking like this now
ALTER PROCEDURE [dbo].[FindBranchVaultBalance]
#sol_id varchar(50),
#acct_crncy_code varchar(50)
AS
DECLARE #query nvarchar(max) = N'
select foracid, acct_crncy_code, clr_bal_amt
from dummy_table
where bacid = ''1010000001'' and sol_id = ' + QUOTENAME(#sol_id, '''') + N' and
acct_crncy_code = ' + QUOTENAME(#acct_crncy_code, '''') + N' and
del_flg = ''N'' and acct_cls_flg = ''N''
';
DECLARE #sql nvarchar(max) = N'
SELECT *
FROM OPENQUERY (LINKEDSERVER, N' + REPLACE(#query, '''','''''') + N' )
';
EXEC sp_executesql #sql;
Edits2
ALTER PROCEDURE [dbo].[FindAFINACLEBranchVaultBalance]
#sol_id varchar(50),
#acct_crncy_code varchar(50)
AS
DECLARE #query nvarchar(max) = N'
select foracid, acct_crncy_code, clr_bal_amt
from dummy_table
where bacid = ''1010000001'' and sol_id = ' + QUOTENAME(#sol_id, '''') + N' and
acct_crncy_code = ' + QUOTENAME(#acct_crncy_code, '''') + N' and
del_flg = ''N'' and acct_cls_flg = ''N''
';
DECLARE #sql nvarchar(max) = N'
SELECT *
FROM OPENQUERY (LINKEDSERVER, N' + '... N''' + REPLACE(#query, '''','''''') + N''' ...'+ N' )
';
EXEC sp_executesql #sql;
Is there something I am missing?
As I mentioned QUOTENAME accepts a sysname as a parameter (a synonym of nvarchar(128) NOT NULL), and your variable #query is defined as an nvarchar(MAX). As such if it's 129 or more characters long it'll be truncated; your value is clearly more than 128 characters.
Just use REPLACE:
N'... N''' + REPLACE(#query, '''','''''') + N''' ...'
As a bit of shameless self promotion, I explain this scenario more in-depth here.
To add emphasis on the OP's attempt to implement this, your attempt is not the same:
N'... N' + REPLACE(#query, '''','''''') + N' ...'
Notice the lack of trailing and leading single quotes ('). The single quotes are needed. REPLACE replaces characters, it doesn't delimit identify them like QUOTENAME does.
I want to search in table for all records with a special characters - char(11), char(7) etc.
I have found one stored procedure which helps me to find it. But it is not accepting the input parameters as follows:
EXEC sp_FindStringInTable '%'+char(7)+'%', 'CPOA-TALENTLink-Test-Leeds', 'TALENT_Contact_ChangeLog'
Error:
Msg 102, Level 15, State 1, Line 1
Incorrect syntax near '+'.
Stored procedure:
CREATE PROCEDURE dbo.sp_FindStringInTable
#stringToFind NVARCHAR(100),
#schema SYSNAME,
#table SYSNAME
AS
BEGIN TRY
DECLARE #sqlCommand VARCHAR(MAX) = 'SELECT * FROM [' + #schema + '].[' + #table + '] WHERE '
SELECT #sqlCommand = #sqlCommand + '[' + COLUMN_NAME + '] LIKE ''' + #stringToFind + ''' OR '
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = #schema
AND TABLE_NAME = #table
AND DATA_TYPE IN ('char','nchar','ntext','nvarchar','text','varchar')
SET #sqlCommand = LEFT(#sqlCommand, LEN(#sqlCommand) - 3)
EXEC (#sqlCommand)
PRINT #sqlCommand
END TRY
BEGIN CATCH
PRINT 'There was an error. Check to make sure object exists.'
PRINT error_message()
END CATCH
As mentioned in error, I'm unable to search through table for special characters.
In calls to procedures expressions other than literals or variables don't work.
Assign the concatenation to a variable and pass that variable to the procedure.
DECLARE #p varchar(max) = '%' + char(7) + '%';
EXEC sp_FindStringInTable #p, 'CPOA-TALENTLink-Test-Leeds', 'TALENT_Contact_ChangeLog';
Literal string concatenation like '[' + #schema + ']' and ' LIKE ''' + #stringToFind + '''' isn't safe. Far from it. I suspect that parametrising your query is going to fix this:
CREATE PROCEDURE dbo.sp_FindStringInTable #stringToFind NVARCHAR(100), #schema sysname, #table sysname
AS
BEGIN TRY
DECLARE #sqlCommand varchar(max);
SET #sqlCommand = N'SELECT *' + NCHAR(10) + --Formatting yoru dynamic SQL is a very good idea
N'FROM ' + QUOTENAME(#schema) + N'.' + QUOTENAME(#table) + NCHAR(10) +
N'WHERE' +
STUFF((SELECT NCHAR(10) + N' AND ' + QUOTENAME(COLUMN_NAME) + N'LIKE #String'
FROM INFORMATION_SCHEMA.COLUMNS
WHERE TABLE_SCHEMA = #schema
AND TABLE_NAME = #table
AND DATA_TYPE IN ('char','nchar','ntext','nvarchar','text','varchar')
FOR XML PATH(N'')),1,6,N'')
PRINT #sqlCommand; --your best friend
EXEC sp_executesql #sqlCommand, N'String nvarchar(100)', #String = #stringToFind;
END TRY
BEGIN CATCH
PRINT 'There was an error. Check to make sure object exists.'
PRINT error_message()
END CATCH
Note that I have not tested the above. Your best friend is there to help you debug.
I am trying to insert data into a SQL Server table using a variable. I tried
DECLARE #table NVARCHAR(50) = 'ToolList',
#val NVARCHAR(50) = 'test'
EXEC ('INSERT INTO ' + #table + 'SELECT ' + #val)
and
EXEC ('INSERT INTO ' + #table + '([col1]) VALUES(' + #val +')'
but still get an error that says
Incorrect syntax near 'test'.
you missed a space before SELECT and the #val should enclosed in single quote
DECLARE #table nvarchar(50) = 'ToolList',
#val nvarchar(50) = 'test'
EXEC ( 'INSERT INTO ' + #table + ' SELECT ''' + #val + '''')
when you use Dynamic SQL, it is easier to form the query in a variable so that you can print out , inspect the value before execution
select #sql = 'INSERT INTO ' + #table + ' SELECT ''' + #val + ''''
print #sql
exec (#sql)
You'd better use sp_executesql that allows for statements to be parameterized, to avoid the risk of SQL injection.
DECLARE #Query NVARCHAR(1000),
#table NVARCHAR(50) = 'ToolList'
SET #Query = 'INSERT INTO ' + #table + ' SELECT #val'
EXEC sp_executesql #Query, N'#val nvarchar(50)', #val = 'test'
sp-executesql-transact-sql
You can also use CHAR(39) instead of adding single quotes every time for better readability. And also, you have not added a space after the variable which contains the table name.
Query
declare #table nvarchar(50) = 'ToolList',
#val nvarchar(50) = 'test2';
declare #sql as varchar(max) = 'insert into ' + #table
+ ' select ' + char(39) + #val + char(39);
exec(#sql);
You need 4 singlequotes before the #val field as it is a string and all strings needs to be encapsulated in single quotes.
You can print the dynamic string using PRINT command check what the final string you are going to execute.
DECLARE #table VARCHAR(50) = 'ToolList'
DECLARE #val VARCHAR(50) = 'test'
DECLARE #DSQL AS VARCHAR(MAX) = ''
SET #DSQL = #DSQL + ' INSERT INTO [' + #table + ']' + '
SELECT ' + '''' + #val + ''''
--PRINT #DSQL
EXEC(#DSQL)
I am trying to write a stored procedure that will removed leading and trailing quotes from an arbitrary table and column. I keep getting an error saying that the table name isn't declared.
Here is the SP
create table [dbo].[test] (id nvarchar(20))
insert into dbo.test values ('"07617966004766"')
go
CREATE PROCEDURE sp_stripDoubleQuotes
#tableName sysname,
#columnName sysname
AS
BEGIN
SET NOCOUNT ON;
UPDATE #tableName
SET #columnName = SUBSTRING(#columnName, 2, LEN(#columnName))
WHERE LEFT(#columnName, 1) = '"'
UPDATE #tableName
SET #columnName = SUBSTRING(#columnName, 1, LEN(#columnName)-1)
WHERE RIGHT(#columnName, 1) = '"'
END
GO
exec [dbo].[sp_stripDoubleQuotes] N'[dbo].[test]', N'[id]'
select * from test
Here is a link to a fiddle:
link to fiddle
CREATE PROCEDURE sp_stripDoubleQuotes
#tableName sysname,
#columnName sysname,
#SQL varchar(MAX)
AS
BEGIN
SET NOCOUNT ON;
SET #SQL =
'UPDATE ' + '[' + #tableName +']' +
'SET' + '[' + #columnName +']' +'= SUBSTRING(' +'[' + #columnName +']' +', 2, LEN(' +'[' + #columnName +']' +'))
WHERE LEFT(' + '[' + #columnName +']' +', 1) = '+'''"'''
--PRINT(#SQL)
EXEC (#SQL)
SET #SQL =
'UPDATE ' + '[' + #tableName +']' +
'SET' + '[' + #columnName +']' +'= SUBSTRING(' + '[' + #columnName +']' +', 1, LEN(' + '[' + #columnName + ']' +')-1)
WHERE RIGHT(' + '[' + #columnName +']' +', 1) = '+'''"'''
--PRINT(#SQL)
EXEC (#SQL)
END
GO
exec [dbo].[sp_stripDoubleQuotes] N'test', N'id' -- exec [dbo].[sp_stripDoubleQuotes] N'[dbo].[test]', N'[id]'
Updated 2nd: I added [] to wrap table and column incase your table and column name have whitespace in them. Thanks #Sean Lange and #Richard
Updated 3rd: As #[benjamin moskovits] (xD) mentioned, if you hard coded brackets, the correct execute command is exec [dbo].[sp_stripDoubleQuotes] N'test', N'id'. Try to add or remove brackets and print to see whether the syntax is correct before executing it.
CREATE PROCEDURE sp_stripDoubleQuotes
#tableName sysname,
#columnName sysname
AS
BEGIN
SET NOCOUNT ON;
declare #QuerytoExecute varchar(1000)
set #QuerytoExecute="UPDATE "+#tableName+"
SET "+#columnName+" = SUBSTRING("+#columnName+", 2, LEN("+#columnName+"))
WHERE LEFT("+#columnName+", 1) = '""'";
exec (#QuerytoExecute);
set #QuerytoExecute="
UPDATE "+#tableName+"
SET "+#columnName+" = SUBSTRING("+#columnName+", 1, LEN("+#columnName+")-1)
WHERE RIGHT("+#columnName+", 1) = '""'";
exec (#QuerytoExecute);
END
GO
I wish to modify strings in several columns (for example all columns containing the 'sound' string), for example replacing ',' by '.'. Further to this post, I understand I have to use dynamic SQL. I created the following procedure:
USE [myDB]
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[RemoveStringInColumn] (#colName varchar(50), #tableName varchar(50), #to_remove varchar(50), #to_add varchar(50))
AS
DECLARE #sql nvarchar(4000)
SET #sql = 'UPDATE ' + #tableName + ' SET ' + #colName + ' = REPLACE(' + #colName + ',' + #to_remove + ','+ #to_add + ');'
PRINT #sql
EXEC sp_executesql #sql
Which is called by:
EXEC dbo.RemoveStringInColumn 'COL_1', 'TABLE_1', ',', '.'
1) The problem is the #sql command does not contain the little hyphen arond the comma and the dot. How can I solve this?
2) In this post they use a SELECT command to fetch all column names. So far, I managed to fetch column names containing 'sound'.
select COLUMN_NAME AS my_cols
from INFORMATION_SCHEMA.COLUMNS
where table_name = 'TABLE_1' AND COLUMN_NAME LIKE '%sound%'
How can I put column names into a list and use a for loop to go through them calling the RemoveStringInColumn procedure?
Thanks
Just double the single quotes around #to_remove and #to_add
DECLARE #sql NVARCHAR(4000)
SET #sql = 'UPDATE ' + Quotename(#tableName) + ' SET ' + Quotename(#colName)
+ ' = REPLACE(' + Quotename(#colName) + ',''' + #to_remove + ''','''
+ #to_add + ''');'
PRINT #sql
EXEC Sp_executesql
#sql
Update : To do the replace for more than one column
DECLARE #sql NVARCHAR(4000),
#col_list VARCHAR(8000)= ''
SET #col_list = (SELECT ',' + Quotename(COLUMN_NAME) + ' = REPLACE('
+ Quotename(COLUMN_NAME) + ',''' + #to_remove
+ ''',''' + #to_add + ''')'
FROM INFORMATION_SCHEMA.COLUMNS
WHERE table_name = 'TABLE_1'
AND COLUMN_NAME LIKE '%sound%'
FOR xml path(''))
SET #col_list = Stuff(#col_list, 1, 1, '')
SELECT #col_list
SET #sql = 'UPDATE ' + Quotename(#tableName) + ' SET '
+ #col_list
PRINT #sql
EXEC Sp_executesql
#sql