Home Forums SQL Server 2008 SQL Server Newbies Stored Procedure InputParameter and SQLString RE: Stored Procedure InputParameter and SQLString

  • August 15, 2012 at 8:07 am

    #1526006

    Having said that ----

    This works - d/k if it does exactly what you want:

    DECLARE @command nvarchar(100)

    DECLARE @par nvarchar(100)

    DECLARE @user nvarchar(100)

    DECLARE @commandString nvarchar(400)

    SET @command = 'GRANT VIEW DEFINITION'

    SET @par = '''P'',''U'''

    SET @user = 'guest'

    CREATE TABLE #tmptab (Kju varchar(max));

    SET @commandString =

    'INSERT INTO #tmpTab SELECT ''' +@command + ' '' + SCHEMA_NAME(schema_id) + ''.'' + [name] + '' TO ' +@user+

    ''' FROM sys.objects

    WHERE [type] IN ( '+@par+' ) AND is_ms_shipped = 0;'

    PRINT @commandString

    EXEC sp_executesql @commandstring

    By the way, I wouldn't call the sp 'Permissions', as SQL is colouring it, so it may cause a problem. Best to call it something distinctive & unique.

    MS also recommend using the schema names too e.g. EXEC dbo.xxxxxxxxxxxx