Hi :-)I am trying to build a procedure that given a table name will do a select from that table. not only that i am having issues also that i read i need to be careful with SQL Injection and I also have no clue how to prevent that.here are my sample tables [code="sql"]create table model1 ( id int, mydata nvarchar (10) ) insert into model1 (id, mydata) values (1, 'astrid'); insert into model1 (id, mydata) values (2, 'peter'); insert into model1 (id, mydata) values (3, 'netha'); select * from model1 create table model2 ( id int, mydata nvarchar (10) ) insert into model2 (id, mydata) values (1, 'astrid'); insert into model2 (id, mydata) values (2, 'peter'); insert into model2 (id, mydata) values (3, 'netha'); select * from model2 create table model3 ( id int, mydata nvarchar (10) ) insert into model3 (id, mydata) values (1, 'astrid'); insert into model3 (id, mydata) values (2, 'peter'); insert into model3 (id, mydata) values (3, 'netha'); select * from model3[/code]and this is what i have so far but no no, doesnt want to work :crying:[code="sql"]create procedure DailyReport_sp@ModelNumber nvarchar(100),@debug bit = 0 asBegindeclare @TableName nvarchar(200)set @TableName = select name from sys.objects where type = 'u' and name = @ModelNumberset @SQLQuery = 'SELECT * FROM ' + @TableNameif @debug = 1 PRINT @sqlend[/code]
↧