Parametrise where clause in SQL Server 2008 R2 -
i want pass parameter of stored procedure where clause c#. have declared parameter @whereclause nvarchar(max) , in query have given this
select distinct clfiik.adid ,clfiik.adgivername ,clfiik.adgiveremail ,clfiik.title ,left(clfiik.descripton,200) +'...' descripton -- select 200 caharacter , after 200 char add ... , case when clfiik.type = 1 -- wanted events 'wanted event' when clfiik.type = 1 -- offering events 'offering event' else -- neither wanted no offering events 'no event yet' end type ,case when datediff(hour, publisheddate, getdate()) < 24 case datediff(hour, publisheddate, getdate()) when 1 convert(varchar, datediff(hour, publisheddate, getdate())) + ' hour ago' else convert(varchar, datediff(hour, publisheddate, getdate())) + ' hours ago' end else replace(convert(varchar, publisheddate, 6), ' ', '-') end publisheddate ,clfiik.lastmodifieddate ,lm.localityname +', '+ citym.cityname address ,cm.categoryname ,cm.categoryid clf.utblclfadinstanceinfokeys clfiik inner join dbo.utblcategorymaster cm on cm.categoryid = clfiik.categoryid inner join dbo.utbllocalitymaster lm on lm.localityid = clfiik.localityid inner join dbo.utblcitymaster citym on citym.cityid = lm.cityid left join clf.utblclfadinstancedtls adinsdeets on adinsdeets.adid = clfiik.adid @whereclause; sql server 2008 r2 throws error
msg 4145, level 15, state 1, procedure udspgetclfsearchresulteventlist, line 55
expression of non-boolean type specified in context condition expected, near ';'.
how can fix error? surely appreciated.
while true work...
declare @sql nvarchar(2000) = 'select .... ....' declare @sqlwithwhere nvarchar(2000) set @sqlwithwhere = @sql + @whereclause exec sp_executesql @sqlwithwhere ...you should declare stored procedure parameters in c# , pass them individually. there risk of sql injection dynamic sql this. , more of hack standard approach.
Comments
Post a Comment