1

I am executing the following SQL. I get a syntax error (Incorrect syntax near '='). The query executes fine and gives proper results when executed normally. I couldn't understand why. Please take a look.

DECLARE @pvchMachineId VARCHAR(100)  = ''

DECLARE @pvchMake VARCHAR(100) = ''

DECLARE @sql NVARCHAR(1000)

SELECT @sql = ' SELECT TOP 20 x.intId, x.vchMachineId, x.AUDenom, x.intGroupId,

x.vchMake, x.vchModel, x.mCurrency

from dbo.Machine x

inner join
(select max(m1.AUDenom) as audenom, m1.vchMachineId

from dbo.Machine m1
left JOIN dbo.ImportedFile ife on m1.intImportedFileId = ife.intId
WHERE ife.dtFileDate >= ''1-1-2013'' AND ife.dtFileDate <= ''1-29-2014'' AND

--following two lines cause the error

(' + @pvchMake + '= ''0'' OR m1.vchMake = @pvchMake) AND

(' + @pvchMachineId +'= ''0'' OR m1.vchMachineId = @pvchMachineId)

group by vchMachineId) y

on x.AUDenom = y.audenom and x.vchMachineId = y.vchMachineId 
ORDER BY x.AUDenom DESC'
9
  • What are the values of your variables? Commented Jan 29, 2014 at 20:11
  • How are you passing those parameters to the execute statement? Commented Jan 29, 2014 at 20:12
  • 1
    Can you show the non-dynamic version of your query? It can help to understand what you mean. Commented Jan 29, 2014 at 20:14
  • The best way to check dynamic SQL is to use SELECT @sql as the last line. Commented Jan 29, 2014 at 20:14
  • 1
    A comment with -- in sql ends when the line ends. Same in dynamic sql. Commented Jan 29, 2014 at 20:19

3 Answers

2

Update your query to the following

(@pvchMake = ''0'' OR m1.vchMake = @pvchMake) AND
(@pvchMachineId = ''0'' OR m1.vchMachineId = @pvchMachineId)

Then later, when you go to execute, just pass it in as parameters to the sp_executesql function.

EXEC sp_executesql @sql
         ,N'@pvchMachineId VARCHAR(100), @pvchMake VARCHAR(100)'
         ,@pvchMachineId,@pvchMake

or this which is cleaner

Declare @ParametersDefinition NVARCHAR(max) = N'@pvchMachineId VARCHAR(100), @pvchMake VARCHAR(100)'
EXEC sp_executesql @sql, @ParametersDefinition, @pvchMachineId,@pvchMake

In the end you do not want to concatenate your dynamic SQL statement; it opens it up to SQL injection. Even though it is a valid option, it should be avoided at all costs.


1 Comment

I've executed it from the application as well. It works fine.
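The concatenated and the parameterized forms discussed in the answer above, side by side, as an added T-SQL example that is not part of the original answer or its comments. The temp table #Machine, its rows and the reduced single-table query are constructed for illustration; the variable names and the '0' "no filter" convention follow the question.

```sql
-- Constructed sample data (column names from the question, rows invented).
CREATE TABLE #Machine (intId INT, vchMachineId VARCHAR(100), vchMake VARCHAR(100), AUDenom INT);
INSERT INTO #Machine VALUES
    (1, 'M-001', 'Acme',    5),
    (2, 'M-002', 'O''Neil', 10),
    (3, 'M-003', 'Acme',    20);

DECLARE @pvchMake      VARCHAR(100) = 'O''Neil';  -- legitimate value that contains a quote
DECLARE @pvchMachineId VARCHAR(100) = '0';        -- '0' means "do not filter on this column"

-- 1) Concatenated: the value is spliced into the statement text itself.
DECLARE @concat NVARCHAR(1000) =
      N'SELECT intId FROM #Machine WHERE (''' + @pvchMake
    + N''' = ''0'' OR vchMake = ''' + @pvchMake + N''')';
PRINT @concat;  -- inspect the generated text: the quote inside the value ends the literal early
BEGIN TRY
    EXEC sp_executesql @concat;
END TRY
BEGIN CATCH
    -- Errors raised while compiling the inner batch are caught at this outer level.
    PRINT 'Concatenated form failed: ' + ERROR_MESSAGE();
END CATCH;

-- 2) Parameterized: the statement text is constant, values travel separately as data.
DECLARE @sql NVARCHAR(1000) = N'
    SELECT intId, vchMachineId, vchMake, AUDenom
    FROM #Machine
    WHERE (@pvchMake = ''0''      OR vchMake = @pvchMake)
      AND (@pvchMachineId = ''0'' OR vchMachineId = @pvchMachineId)
    ORDER BY AUDenom DESC';
DECLARE @ParametersDefinition NVARCHAR(200) =
    N'@pvchMachineId VARCHAR(100), @pvchMake VARCHAR(100)';

-- Named parameter assignment avoids depending on the order in the definition string.
EXEC sp_executesql @sql, @ParametersDefinition,
     @pvchMachineId = @pvchMachineId,
     @pvchMake      = @pvchMake;

DROP TABLE #Machine;
```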
2

This statement :

'(' + @pvchMake + '= ''0'' OR m1.vchMake = @pvchMake)'

Will output, since the variables are not initialized with anything other than '':

(= '0' OR m1.vchMake = @pvchMake)

Which is not syntactically correct.

You should use :

'(''' + @pvchMake + '''= ''0'' OR m1.vchMake = @pvchMake)'

Which would output :

(''= '0' OR m1.vchMake = @pvchMake)

1 Comment

I send a 0 or '' from the application if I want the OR operator to short circuit. In case a match is required, I send a string value.
0

Maybe this can make sense:

...

(''' + @pvchMake + '''= ''0'' OR m1.vchMake = ''' + @pvchMake +''') AND

(''' + @pvchMachineId +'''= ''0'' OR m1.vchMachineId = ''' + @pvchMachineId + ''')
...

3 Comments

+1 @THunter or you could send '''' instead of ''.
@THunter, You can use @SaUce solution if you want to pass @pvchMake and @pvchMake as arguments.
@HamletHakobyan. I was making a syntax error and it's working just fine with the modification.
