Login/Register
EXEC sp_executesql with multiple parameters
Asked Answered
Solved sql-servert-sqlstored-proceduressp-executesql
C

4

55

How to pass the parameters to the EXEC sp_executesql statement correctly?

This is what I have now, but i'm getting errors:

alter PROCEDURE [dbo].[usp_getReceivedCases]
    -- Add the parameters for the stored procedure here
    @LabID int,
    @RequestTypeID varchar(max),
    @BeginDate date,
    @EndDate date
AS
BEGIN
    -- SET NOCOUNT ON added to prevent extra result sets from
    -- interfering with SELECT statements.
    SET NOCOUNT ON;


declare @statement nvarchar(4000)

set @statement = N'select   SentToLab,
FROM     dbo.vEmailSent
WHERE     SentToLab_ID=@LabID and convert(date,DateSent) >= @BeginDate 
and CONVERT(date, datesent) <= @EndDate
and RequestType_ID in ( @RequestTypeID )

EXEC sp_executesql  @statement,N'@LabID int',  @LabID, N'@BeginDate date', @BeginDate,N'@EndDate date', @EndDate, @RequestTypeID=@RequestTypeID

END

RequestTypeID is a comma delimited list of integers, like so: "1,2,3,4,5"

here is my try #2, also unsuccessful

declare @statement nvarchar(4000)

SET @statement =' select    SentToLab_ID

FROM     dbo.vEmailSent
WHERE     
SentToLab_ID='+@LabID+' and convert(date,DateSent) >= '+@BeginDate +'
and CONVERT(date, datesent) <= '+@EndDate+'
and RequestType_ID in ('+ @RequestTypeID+' )
group by FileStream_ID, SentToLab_ID'


EXEC(@statement)

Operand type clash: date is incompatible with int

Characharabanc answered 12/2, 2015 at 15:20 Comment(2)
vyaskn.tripod.com/passing_arrays_to_stored_procedures.htmKrever
@TabAlleman - using method 1 i get: Conversion failed when converting the varchar value '+ @RequestTypeID+' to data type int.Characharabanc
S
114

Here is a simple example:

EXEC sp_executesql @sql, N'@p1 INT, @p2 INT, @p3 INT', @p1, @p2, @p3;

Your call will be something like this

EXEC sp_executesql @statement, N'@LabID int, @BeginDate date, @EndDate date, @RequestTypeID varchar', @LabID, @BeginDate, @EndDate, @RequestTypeID
Superstition answered 12/2, 2015 at 15:25 Comment(3)
It is almost the same when you need to assign a value of variable using sp_executesql - only add OUTPUT to the parameters definition list for the specified parameter and the parameter itself: EXEC sp_executesql @sql, N'@p1 INT OUTPUT', @p1 OUTPUT;Salivation
What if the param is string example instead of IN query for integers if its string. It doesn't work for me nor did i found and solution on the internet. Do you have any clue?Odorous
I think that would require a solution that opens up for sql injection: SET "@SQLCmd = 'SELECT * FROM Table WHERE col IN (' + @cols + ')'"Superstition
M
8

This also works....sometimes you may want to construct the definition of the parameters outside of the actual EXEC call. 

DECLARE @Parmdef nvarchar (500)
DECLARE @SQL nvarchar (max)
DECLARE @xTxt1  nvarchar (100) = 'test1'
DECLARE @xTxt2  nvarchar (500) = 'test2' 
SET @parmdef = '@text1 nvarchar (100), @text2 nvarchar (500)'
SET @SQL = 'PRINT @text1 + '' '' + @text2'
EXEC sp_executeSQL @SQL, @Parmdef, @xTxt1, @xTxt2
Mariko answered 24/4, 2018 at 16:24 Comment(0)
S
2

If one need to use the sp_executesql with OUTPUT variables:

EXEC sp_executesql @sql
                  ,N'@p0 INT'
                  ,N'@p1 INT OUTPUT'
                  ,N'@p2 VARCHAR(12) OUTPUT' 
                  ,@p0
                  ,@p1 OUTPUT
                  ,@p2 OUTPUT;
Salivation answered 7/10, 2020 at 12:7 Comment(0)
S
-2

maybe this help :

declare 
@statement AS NVARCHAR(MAX)
,@text1 varchar(50)='hello'
,@text2 varchar(50)='world'

set @statement = '
select '''+@text1+''' + '' beautifull '' + ''' + @text2 + ''' 
'
exec sp_executesql @statement;

this is same as below :

select @text1 + ' beautifull ' + @text2
Shirleeshirleen answered 10/12, 2019 at 1:12 Comment(1)
This post does not answer the question, nor does it contribute anything not covered in the two existing answers.Esotropia

© 2022 - 2024 — McMap. All rights reserved.