the SP get one parameter, its the WHERE,
and then I execute the query,
here is my SP:
ALTER PROCEDURE [dbo].[rptEventToPsy]
@.strSQL nvarchar(4000)=''
as
DECLARE @.SQLString NVARCHAR(4000);
SET @.SQLString = N'SELECT
dbo.tbl_CA_meeting.userID, dbo.tblUsersName.OrdName, COUNT(dbo.tbl_CA_event.itemInPackageID) AS Expr1, dbo.tbl_CA_itemInPackage.itemInPackageName, dbo.tbl_CA_package.packageName FROM dbo.tbl_CA_meeting INNER JOIN
dbo.tbl_CA_event ON dbo.tbl_CA_meeting.eventID = dbo.tbl_CA_event.eventID
INNER JOIN
dbo.tbl_CA_itemInPackage ON dbo.tbl_CA_event.itemInPackageID = dbo.tbl_CA_itemInPackage.itemInPackageID
INNER JOIN
dbo.tbl_CA_package ON dbo.tbl_CA_itemInPackage.packageID = dbo.tbl_CA_package.packageID
INNER JOIN
dbo.tblUsersName ON dbo.tbl_CA_meeting.userID = dbo.tblUsersName.UserId
INNER JOIN
dbo.tbl_CA_mishmeret ON dbo.tbl_CA_meeting.mishmeretID = dbo.tbl_CA_mishmeret.mishmeretID ';
SET @.SQLString = @.SQLString + @.strSQL ;
SET @.SQLString = @.SQLString + '
GROUP BY
dbo.tbl_CA_meeting.userID,
dbo.tblUsersName.OrdName,
dbo.tbl_CA_itemInPackage.itemInPackageName,
dbo.tbl_CA_package.packageName';
EXEC sp_ExecuteSql @.SQLString
return;
my problem is in the Reports, I cant to connect the data to the fileds, (the value is empty)
how can I do it?First, your stored procedure is very susceptible to SQL injection. You really need to constrain the input more. There are several articles on the web that will help you. You can accomplish the same result by using an expression for the SQL statement in the report and write some functions to check the input values.sql
No comments:
Post a Comment