0

Is it possible to convert MyUser, MyPassword and MyDatabase within the following SQL Server script into parameters?

IF NOT EXISTS 
    (SELECT name  
     FROM master.sys.server_principals
     WHERE name = 'MyUser')
BEGIN
    CREATE LOGIN MyUser WITH PASSWORD = 'MyPassword'
END

CREATE DATABASE MyDatabase;
GO

USE MyDatabase;

CREATE USER MyUser FOR LOGIN MyUser;  
GO   

EXEC sp_addrolemember 'db_owner', 'MyUser'
Improve this question
5
  • 1
    What are you trying to do? GO is a script command, not a T-SQL keyword. This script can only run in SSMS or sqlcmd. If you want to run this eg during deployment, use Scripting variables and pass their values as parameters to the sqlcmd command that executes the script file Commented Oct 11, 2019 at 13:35
  • These scripted commands are necessary to configure a database for our business application. Since I have to do this regularly, I'd like to automate it without changing the mentioned properties at several places. Commented Oct 11, 2019 at 13:38
  • 1
    FYI sp_addrolemember has been deprecated since SQL Server 2012 (or prior) iirc. Commented Oct 11, 2019 at 13:40
  • Use scripting variables and sqlcmd then Commented Oct 11, 2019 at 13:41
  • User and password, yes. Database, I don't think so. Commented Oct 11, 2019 at 13:43

1 Answer 1

Reset to default
2

As you may have found out, you have to use literals for tasks like this. As a result you have to use dynamic SQL and safely inject the values For example, for the login (assuming the parameter values have been set in an SP):

DECLARE @SQL nvarchar(MAX);
IF NOT EXISTS (SELECT 1
               FROM sys.syslogins
               WHERE name = @MyLogin)
    SET @SQL = N'CREATE LOGIN ' + QUOTENAME(@MyLogin) + N' WITH PASSWORD = N' + QUOTENAME(@MyPassword,'''') + N';';

EXEC sp_executesql @SQL;

If the login already exists, then @SQL will have a value of NULL and won't be created.

As a result, your final SP will look something like this:

CREATE PROC dbo.SetupLogin @MyLogin sysname, @MyDatabase sysname, @MyPassword nvarchar(128) AS
BEGIN

    DECLARE @SQL nvarchar(MAX);
    IF NOT EXISTS (SELECT 1
                   FROM sys.syslogins
                   WHERE name = @MyLogin)
        SET @SQL = N'CREATE LOGIN ' + QUOTENAME(@MyLogin) + N' WITH PASSWORD = N' + QUOTENAME(@MyPassword,'''') + N';';


    EXEC sp_executesql @SQL;

    SET @SQL = N'CREATE DATABASE ' + QUOTENAME (@MyDatabase) + N';'

    EXEC sp_executesql @SQL;

    SET @SQL = N'USE ' + QUOTENAME (@MyDatabase) + N';' + NCHAR(13) + NCHAR(10) +
               N'CREATE USER ' + QUOTENAME(@MyLogin) + N' FOR LOGIN ' + QUOTENAME(@MyLogin) + N';' + NCHAR(13) + NCHAR(10) +
               N'ALTER ROLE db_owner ADD MEMBER ' + QUOTENAME(@MyLogin) + N';'; --sp_addrolemember is deprecated, stop using it.
    EXEC sp_executesql @SQL;

END;
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.