0

How would I convert this logic into a SQL statement?

IF @GrantSQL is successful, then continue to insert, if not stop query

This is the stored procedure:

BEGIN
    DECLARE @GrantSql NVARCHAR(500)

     SET @GrantSql = 'EXEC sp_addsrvrolemember [' + @LoginName + '], ''sysadmin'''

     EXEC sp_executesql @GrantSql

     -- IF @GrantSQL is successful, then continue to insert, if not stop query
     BEGIN
         INSERT INTO....
     END
END

4 Answers

3
DECLARE @GrantSql INT

EXEC @GrantSql = sp_addsrvrolemember @LoginName, 'sysadmin'

IF @GrantSql = 0
BEGIN
    INSERT INTO...
END

2 Comments

In this case it works because sp_addsrvrolemember only returns two values, but be aware that the return type of stored procedures is INT, not BIT.
Don't use bit unless you have a really good reason to. It takes up a full byte and has all kinds of other issues. The answer is correct and I marked it as such, but bit is almost always used to show off and is not more efficient than an int.
1

Try:

IF @@ERROR <> 0

See the documentation for @@ERROR. Also be aware that @LoginName could contain something bad, such as '; drop table students;'. That's a SQL injection vulnerability, and in general you'll want to avoid sp_executesql and parameterize your queries. See Lobanov's answer, which is better.


-1

Something like:

BEGIN
    DECLARE @GrantSql NVARCHAR(500)

     SET @GrantSql = 'EXEC sp_addsrvrolemember [' + @LoginName + '], ''sysadmin'''


     BEGIN TRY
       EXEC sp_executesql @GrantSql
     END TRY
    --'IF @GrantSQL is successful than continue to insert if not stop query'
    BEGIN CATCH
      -- @@ERROR is an INT, so cast it before concatenating with a string
      PRINT 'Oh man, this happened: ' + CAST(@@ERROR AS VARCHAR(10))
      GOTO allDone
    END CATCH

    -- no errors. We're good to continue...
    BEGIN
        INSERT INTO....
    END

allDone:
END

3 Comments

sp_addsrvrolemember could return 1 (ERROR !) without exception.
@Milney - SQL Injection isn't really a problem if you're the one running the SQL code. sp_addsrvrolemember is generally something that you execute internally; it's rarely made available outside one's organization.
@AlanBurstein That's a terrible approach to security. Would you just leave the money room unlocked because it's in the building? Besides the fact it's easily avoidable and unnecessary in this situation, I think it's best to avoid in principle or at least point out in an answer people may read and apply in a different context like a public input. The user the application is running as has the ability to add users to the sysadmin role so...
-1

You can use an output parameter with sp_executesql to capture the return value of a stored procedure (0 for success, 1 for failure):

DECLARE @GrantSql NVARCHAR(500);
DECLARE @ReturnValue INT;
SET @GrantSql = 'EXEC @ReturnValue = sp_addsrvrolemember [' + @LoginName + '], ''sysadmin'';';
EXEC sp_executesql @GrantSql, N'@ReturnValue INT OUTPUT', @ReturnValue OUT;

IF @ReturnValue = 0
BEGIN
    ....
END

But of course, you don't need dynamic SQL, you could simply use:

DECLARE @ReturnValue INT;

-- The procedure's parameter is named @loginame (one "n")
EXEC @ReturnValue = sp_addsrvrolemember @loginame = @LoginName, @rolename = 'sysadmin';
IF @ReturnValue = 0
BEGIN
    ....
END

It also seems very unlikely that you would need to bulk add people to the sysadmin role. I don't know what you are trying to achieve, but it is probably not the right approach.
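
The points raised across the answers (direct parameterized call, return-code check, TRY/CATCH) combined into one procedure, as an added example that is not code from the question or from any answer. The procedure name `dbo.GrantSysadminChecked` and the audit table `dbo.SysadminGrantAudit` are hypothetical stand-ins for the question's elided `INSERT INTO....`.

```sql
-- Added example; dbo.GrantSysadminChecked and dbo.SysadminGrantAudit are hypothetical names.
CREATE PROCEDURE dbo.GrantSysadminChecked
    @LoginName sysname
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @ReturnValue INT;

    -- Accept only a name that matches an existing login; anything else
    -- (including text crafted to break out of [ ] quoting) stops here.
    IF NOT EXISTS (SELECT 1
                   FROM sys.server_principals
                   WHERE name = @LoginName
                     AND type IN ('S', 'U', 'G'))  -- SQL login, Windows login, Windows group
    BEGIN
        RAISERROR('Login does not exist; nothing granted.', 16, 1);
        RETURN 1;
    END;

    -- Note: sp_addsrvrolemember cannot run inside a user-defined transaction,
    -- so the grant and the insert are sequenced rather than wrapped in one.
    BEGIN TRY
        -- Direct call: @LoginName is bound as a parameter value and never
        -- parsed as SQL text, so no dynamic SQL and no string concatenation.
        EXEC @ReturnValue = sp_addsrvrolemember
             @loginame = @LoginName,
             @rolename = N'sysadmin';
    END TRY
    BEGIN CATCH
        -- Failure surfaced as a raised error.
        DECLARE @msg NVARCHAR(2048) = ERROR_MESSAGE();
        RAISERROR('Grant failed: %s', 16, 1, @msg);
        RETURN 1;
    END CATCH;

    -- Failure reported only through the return code (1), with no error raised.
    IF @ReturnValue <> 0
        RETURN 1;

    -- Success (return code 0): continue with the insert.
    INSERT INTO dbo.SysadminGrantAudit (LoginName, GrantedBy, GrantedAtUtc)
    VALUES (@LoginName, ORIGINAL_LOGIN(), SYSUTCDATETIME());
    RETURN 0;
END;
```

Recording who requested the grant alongside the login gives a review trail for every sysadmin addition made through this path.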
