473,473 Members | 1,816 Online
Bytes | Software Development & Data Engineering Community
Create Post

Home Posts Topics Members FAQ

Stored Procedure with parameter

I have a string passed from another function, eg

list_employee 4

This will call the stored procedure list_employee to get details of employee
of id 4.

Is there a way to just use this string, list_employee 4 instead of splitting
into
list_employee
and
4 ?

I know we can use SqlCommand and SqlParameter.
I don't know if it has 1 or anynumber of parameters so if I can just pass
this whole string would be great.
Jul 13 '06 #1
5 1623
Alan T wrote:
I have a string passed from another function, eg

list_employee 4

This will call the stored procedure list_employee to get details of employee
of id 4.

Is there a way to just use this string, list_employee 4 instead of splitting
into
list_employee
and
4 ?

I know we can use SqlCommand and SqlParameter.
I don't know if it has 1 or anynumber of parameters so if I can just pass
this whole string would be great.

No, you will have to split up the string and set the querytext to
list_employee and add 4 as a parameter.
You might be able to wrap it using exec or sp_executesql but you would
have to check that one.

JB
Jul 13 '06 #2
It should be noted that passing a string like this is a horrible way of
doing this. If you construct the string from user input, you leave yourself
wide open to an injection attack.

Use SqlCommand and SqlParameter. They are your friends.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"John B" <jb******@yahoo.comwrote in message
news:44********@news.iprimus.com.au...
Alan T wrote:
>I have a string passed from another function, eg

list_employee 4

This will call the stored procedure list_employee to get details of
employee of id 4.

Is there a way to just use this string, list_employee 4 instead of
splitting into
list_employee
and
4 ?

I know we can use SqlCommand and SqlParameter.
I don't know if it has 1 or anynumber of parameters so if I can just pass
this whole string would be great.
No, you will have to split up the string and set the querytext to
list_employee and add 4 as a parameter.
You might be able to wrap it using exec or sp_executesql but you would
have to check that one.

JB

Jul 13 '06 #3
Nicholas Paldino [.NET/C# MVP] wrote:
It should be noted that passing a string like this is a horrible way of
doing this. If you construct the string from user input, you leave yourself
wide open to an injection attack.

Use SqlCommand and SqlParameter. They are your friends.

Definitely, however since the name of the sp is passed I would think
(hope) that it wouldnt be from user input.

IDbCommand and IDataParameter should be any db programs workhorses :)

JB
Jul 13 '06 #4
HI,
Add the exec to the front of the SQL expression and treat is as a norlam sql
expression, as in
"Exec list_employee 4"
this should call the SP with the 4 as the parameter.

Robert

"Alan T" <al*************@yahoo.com.auwrote in message
news:eJ**************@TK2MSFTNGP04.phx.gbl...
I have a string passed from another function, eg

list_employee 4

This will call the stored procedure list_employee to get details of
employee
of id 4.

Is there a way to just use this string, list_employee 4 instead of
splitting
into
list_employee
and
4 ?

I know we can use SqlCommand and SqlParameter.
I don't know if it has 1 or anynumber of parameters so if I can just pass
this whole string would be great.


Jul 13 '06 #5
Download this and play with the sample with stored procedure and parameter.
You won't regret:
http://www.microsoft.com/downloads/d...displaylang=en

chanmm
"Alan T" <al*************@yahoo.com.auwrote in message
news:eJ**************@TK2MSFTNGP04.phx.gbl...
>I have a string passed from another function, eg

list_employee 4

This will call the stored procedure list_employee to get details of
employee of id 4.

Is there a way to just use this string, list_employee 4 instead of
splitting into
list_employee
and
4 ?

I know we can use SqlCommand and SqlParameter.
I don't know if it has 1 or anynumber of parameters so if I can just pass
this whole string would be great.

Jul 13 '06 #6
Create Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
0
HOW TO: Call a Parameterized Stored Procedure by Using ADO.NET and Visual C# .NET
by: Nashat Wanly | last post by:
HOW TO: Call a Parameterized Stored Procedure by Using ADO.NET and Visual C# .NET View products that this article applies to. This article was previously published under Q310070 For a Microsoft...
Latest Bytes
4
Java Stored Procedures (V7.2)
by: Rhino | last post by:
Is it possible for a Java Stored Procedure in DB2 V7.2 (Windows) to pass a Throwable back to the calling program as an OUT parameter? If yes, what datatype should I use when registering the...
Latest Bytes
2
run stored procedure
by: Dino L. | last post by:
How can I run stored procedure (MSSQL) ?
Latest Bytes
0
turning Resultsets Using Sql Server Stored Procedures...
by: Amber | last post by:
Stored procedures are faster and more efficient than in-line SQL statements. In this article we will look at two SQL Server stored procedures; one using an input parameter and one not, and see how...
Latest Bytes
7
ObjectDataSource - problem inserting empty field into stored proce
by: Dabbler | last post by:
I'm using an ObjectDataSource with a stored procedure and am getting the following error when trying to update (ExecuteNonQuery): System.Data.SqlClient.SqlException: Procedure or Function...
Latest Bytes
1
Passing UpdateParameters or a Detail View to a stored Procedure
by: jkeel | last post by:
If I try to Update a record with the following code using a stored procedure I get an error: <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$...
Latest Bytes
9
Stored Procedure and SQLCommand
by: fniles | last post by:
I am using VB.NET 2003 and SQL2000 database. I have a stored procedure called "INSERT_INTO_MYTABLE" that accepts 1 parameter (varchar(10)) and returns the identity column value from that table....
Latest Bytes
2
Stored procedure
by: Krij | last post by:
Hi, I'm a student and I have the following working example that troubles me (in SQL Server 2005): CREATE PROCEDURE dbo.CustomersOrderHistory ( @Firstname varchar(7) OUTPUT) AS SELECT ...
Latest Bytes
2
stored procedure in sqlexpress
by: jed | last post by:
I have created this example in sqlexpress ALTER PROCEDURE . @annualtax FLOAT AS BEGIN SELECT begin1,end1,deductedamount,pecentageextra FROM tax
Latest Bytes
0
Help with stored procedure
by: SOI_0152 | last post by:
Hi all! Happy New Year 2008. Il hope it will bring you love and happyness I'm new on this forum. I wrote a stored procedure on mainframe using DB2 7.1.1 and IBM language c. Everything works...
Latest Bytes
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
Latest Bytes
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Latest Bytes
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Latest Bytes
1
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Latest Bytes
1
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Latest Bytes
0
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The...
Latest Bytes
0
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Latest Bytes
0
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
Latest Bytes
0
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence...
Latest Bytes

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us