[ Log On ]
< <


Posted By: P.R.S
7/18/2012 12:00:00 AM
language: SQL

Well, firstly you've omitted the '+' from your string. This way of doing things is far from ideal, but you can do

create proc sp_TableName
@tablename varchar(50)
Exec('SELECT * FROM ' + @tableName)

I'd strongly suggest rethinking how you do this, however. Generating Dynamic SQL often leads to SQL Injection vulnerabilities as well as making it harder for SQL Server (and other DBs) to work out the best way to process your query. If you have a stored procedure that can return any table, you're really getting virtually no benefit from it being a stored procedure in the first place as it won't be able to do much in the way of optimizations, and you're largely emasculating the security benefits too.

Share Your Source Code or Article

Do you have source code, articles, tutorials, web links, and books to share? You can write your own content here. You can even have your own blog.

Submit now...