Thursday, 1 August 2013

Procedure after Concatenating the select Query

CREATE procedure sp_AdmissionRegister 

@Active varchar(5), 
@FranchiseCode varchar(50), 
@Session int 

as 
begin 
declare @sqlStr varchar(4000) 
set @sqlStr='' 
set @sqlStr = 'select row_number() over (order by (select(1))) as SNo, SM.ADMNNO,convert(varchar(13),SM.ADMNDATE,103) as ADMNDATE,SM.STDFIRSTNAME, 
               Convert(varchar(13),SM.DOB,103) as DOB, SM.F_MOBILE,SM.F_NAME, 
               SM.PRESENT_CLASS,SM.PRESENT_SEC,SM.TRANSPORTUSER,SM.ROUTENO,SM.ADDRESS,SM.F_OCCUPATION, 
               SM.CATEGORY,SM.M_NAME,SM.ACTIVE,SM.FranchiseCode,SM.StudentRegNo,SM.RandomPassword, 
               SM.F_EMAIL,SM.FormNumber 
               from STUDENTMASTER as SM' 
    if @Active<>'' 
    begin 
    set @sqlStr=@sqlStr+' where SM.Active ='''+@Active+''''  //string Parameter Concatenation
    end  
    else 
    begin 
  set @sqlStr=@sqlStr+' where SM.Active in (''Y'',''N'')'  //string value compare
    end           
   if @FranchiseCode<>'' 
   begin 
   set @sqlStr=@sqlStr+'and SM.FranchiseCode='''+@FranchiseCode+'''' 
   end 
   if @Session<>0 
   begin 
  set @sqlStr=@sqlStr+' and SM.Session='+CAST(@Session as varchar) +'' //Integer Parameter Concatenation
   end 
   exec(@sqlstr) 
end
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)