RE: Update 1 of 3 tables based on parameter

SSC Guru

Points: 1003861

June 28, 2016 at 7:02 am

David92595 (6/28/2016)
Hello,
I am trying to dynamically update a table (as much as possible) based on a parameter. However, because I'm trying to avoid SQL injection I'm hard coding the table names, but still need to be able to select which one based on another parameter (@State).
@ID int,
@State varChar,
@ColumnName varchar,
@NewValue datetime
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
-- Insert statements for procedure here
SELECT CASE @State
Case 'AZ' THEN
UPDATE AZ_Fees
SET @ColumnName = @NewValue
WHERE ID = @ID
Case 'CA' THEN
UPDATE CA_Fees
SET @ColumnName = @NewValue
WHERE ID = @ID
Case 'HI' THEN
UPDATE HI_Fees
SET @ColumnName = @NewValue
WHERE ID = @ID
What is the best way to go about this?
David92595

My question would be... why are these fees stored in a separate table for each state?

--Jeff Moden

RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
First step towards the paradigm shift of writing Set Based code:
________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

Change is inevitable... Change for the better is not.

Helpful Links:
How to post code problems
How to Post Performance Problems
Create a Tally Function (fnTally)