Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
AskSQLTeam
Ask SQLTeam Question
0 Posts |
 Posted - 2003-12-23 : 08:19:17
|
| Brad writes "Hi everyone,I need to be able to add / remove parameters of a query programmatically as well as recognize existing ones. I am using Visual Studio .NET.ie. A user enters a query into a textbox: select * from Employees where EmployeeID = ?The program will parse the query, recognize any existing parameters, and the user should be able to add new ones.I then want to retrieve the updated sql statement.ie. Using above query the user adds a new parameter (LastName) The resulting query should have the LastName = added to the where clause.Is there a method using existing database libraries to solve this without having to write a SQL parsing engine (which must already have been written numerous times). I imagine that even the command object has some form of this.Regards,Brad." |
|
|
nr
SQLTeam MVY
12543 Posts |
Posted - 2003-12-23 : 08:37:24
|
| It's not usual to do this sort of thing as it's a security risk as well as allowing the possibility of users running queries that can stop the server doing anything else.==========================================Cursors are useful if you don't know sql.DTS can be used in a similar way.Beer is not cold and it isn't fizzy. |
 |
|
|
SamC
White Water Yakist
3467 Posts |
Posted - 2003-12-23 : 12:49:22
|
You might want to search the sql home page for DYNAMIC and read a couple of articles.[url]http://sqlteam.com/SearchResults.asp?SearchTerms=dynamic&SUBMITs1=Search[/url]You could implement what you asked for, but like Nigel says, it would be a 'bad' thing  Unless you have absolutely no security concerns whatsoever at all. Nada. Bupkas.Sam |
|
|
|
|
|
|
Parse SQL Statement