Using table names as parameters in t-sql (e.g. from @tblname)

Question

Using table names as parameters in t-sql (e.g. from @tblname)

Can table name be used as parameter in t-sql?

I want to insert data into a table, but I need one method in C # that has a parameter for the table.

Is this a good approach? I think if I have one form and I select a table and fields for data input, I essentially want to write my own dynamic SQL query created on the fly. Is it completely different that I'm sure his catches?

thanks

+4

tsql

dotnetdev Feb 21 '10 at 20:41

source share

1 answer

Marc gravell · Accepted Answer · 2010-02-21T20:44:28+0000

Not directly. The only way to do this is through dynamic SQL - either EXEC or sp_ExecuteSQL . The latter has the advantage of query / reuse cache and avoids injecting through parameters for values, but you have to combine the table name into the query (you cannot parameterize it), so make sure that the white -list it against the list of known table names.

Using table names as parameters in t-sql (e.g. from @tblname)

More articles: