It should be noted that passing a string like this is a horrible way of
doing this. If you construct the string from user input, you leave yourself
wide open to an injection attack.
Use SqlCommand and SqlParameter. They are your friends.
--
- Nicholas Paldino [.NET/C# MVP]
-
mv*@spam.guard.caspershouse.com
"John B" <jb******@yahoo.comwrote in message
news:44********@news.iprimus.com.au...
Alan T wrote:
>I have a string passed from another function, eg
list_employee 4
This will call the stored procedure list_employee to get details of
employee of id 4.
Is there a way to just use this string, list_employee 4 instead of
splitting into
list_employee
and
4 ?
I know we can use SqlCommand and SqlParameter.
I don't know if it has 1 or anynumber of parameters so if I can just pass
this whole string would be great.
No, you will have to split up the string and set the querytext to
list_employee and add 4 as a parameter.
You might be able to wrap it using exec or sp_executesql but you would
have to check that one.
JB