0

I can access tables in another database OK using the fully qualified name like

select * from [DEV-test].dbo.ArchiveCutoff

Now I want to do the same table in a stored procedure.

My code is

create procedure test  
    @src varchar (128) 
as
begin
  set @src = '[DEV-test]'
  select * from  @src.dbo.ArchiveCutoff
end

But I get an error:

Msg 102, Level 15, State 1, Line 12
Incorrect syntax near '.'.

What is the correct way to do this.

Improve this question
4
  • Do you want to change the source database depending on some criteria in stored procedure? Commented Aug 25, 2014 at 18:41
  • You cannot replace the database, table or column names with parameters. If you want to do this, you'll have to resort to "dynamic SQL" Commented Aug 25, 2014 at 18:48
  • Sorry I did not put the paragraph right as it is my first time on this site. It should be Commented Aug 25, 2014 at 18:50
  • @GeorgeLu:- Did the answer help? Commented Aug 25, 2014 at 18:52

3 Answers 3

Reset to default
1

You seem to be looking for Dynamic SQL, using one of the textbook examples. This is generally a bad idea, though there are workarounds. If you read the linked article, some suggestions are offered.

If you absolutely have to use it, though, you are looking for

create procedure test  @src varchar (128) as
begin

 set @src = QUOTENAME(@src) -- leave this 
 set @src = '[DEV-test]'

 declare @sql varchar(200)
 set @Sql = 'select * from ' + @src + '.dbo.ArchiveCutoff'

 EXEC (@SQL)


end

or

create procedure test  @src varchar (128) as
begin

 set @src = QUOTENAME(@src) -- leave this 
 set @src = '[DEV-test]'


 EXEC ('select * from ' + @src + '.dbo.ArchiveCutoff')


end
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

@R.T., it isn't different: my code is basically the same. I began writing this answer before yours was posted, and I didn't see yours until after I already posted it: no piracy was intended. Once I had posted my answer I saw your own, very similar answer, but decided to leave mine up because of the link.
These are all helpful. Thanks. I am really impressed in the quick response.
You need to wrap your database name variable in QUOTENAME to help prevent sql injection. As posted this is wide open.
0

Use the inline query

create procedure test 
( @src varchar (128) )as
begin
 set @src = '[DEV-test]'
 declare @x varchar(100)
 @x = 'select * from' +  @src +'.dbo.ArchiveCutoff'
 exec(@x)
end
Improve this answer

2 Comments

@George Lu:- You may accept the answer if that helped you! :) A right tick mark near the upvote option(it will turn green)
You need to wrap your database name variable in QUOTENAME to help prevent sql injection. As posted this is wide open.
0

I am posting a modification to the previous two answers. I realize in your code you pass in a parameter and then set it to a hardcoded value. I assume that is for testing purposes. The problem is that both of the posted solutions are vulnerable to sql injection once you remove that line. A minor change to both of the excellent previous answers might be like this to prevent sql injection.

create procedure test 
( 
    @src varchar (128) 
)as
    --Presumably this line will be removed after testing. 
    --And because we are using QUOTENAME you want the actual name here with no brackets.
    set @src = 'DEV-test' 

    set @src = QUOTENAME(@src) --This is to help prevent sql injection
    declare @x nvarchar(100)
    set @x = N'select * from ' +  @src +'.dbo.ArchiveCutoff'
    --uncomment the exec line when comfortable your code is correct
    --exec sp_executesql @x

    select @x
GO
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.