How Do I Concatenate A Variable After Dot

Question

0.00/5 (No votes)

See more:

SQL-Server-2012

Hello i want to use a variable after '.' operator like this:

SQL

SELECT * FROM DestinationDatabase.dbo.@TableName

Yet i get syntax error. Any idea on how to circumvent this?
Appreciating the help.

Posted 8-Sep-14 3:47am

YourAverageCoder

Updated 8-Sep-14 3:49am

v2

Add a Solution

2 solutions

Solution 1

You can't use variables (starting with @) for table names in SQL, if you need to be dynamic either :

1) create your queries on the client in string format and execute on your server.
2) create a sql string variable of your query and EXEC() it (be aware that SQL permissions of the user executing will apply).

Posted 8-Sep-14 3:54am

Mehdi Gholam

Comments

YourAverageCoder 8-Sep-14 9:59am

For your second point i tried sp_executesql. Here's how i did it:
SET @dynamicSQLCommand = 'SELECT * FROM DestinationDatabase.dbo.@TableName'
EXEC sp_executesql @dynamicSQLCommand, N'@TableName nvarchar(500)', @TableName = @copiedTableName
Yet i still got the syntax error in first row of the code.

Mehdi Gholam 8-Sep-14 10:06am

See the solution 2 for this.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Stephen Hewison · Accepted Answer · 2014-09-08T03:57:00

You need to use Dynamic SQL

There is an SQL command called sp_ExecuteSQL

This will allow you build a string such as this and execute it:

SQL

DECLARE @MySQL VARCHAR(MAX)
SET @MySQL = 'SELECT * FROM DestinationDatabase.dbo.' + @TableName
EXEC sp_ExecuteSQL @MySQL

WARNING!!! WARNING!!! WARNING!!!

Make sure you understand the security implications of using dynamic SQL. Most website hacks are done by injecting addition SQL into dynamic SQL executions.

This is the MSDN article for sp_ExecuteSQL

http://msdn.microsoft.com/en-gb/library/ms188001.aspx[^]

This is a article with covers the security risks.

The Curse and Blessings of Dynamic SQL[^]