4

Is it possible to use the name of a table as a parameter in T-SQL?

I want to insert data into a table, but I want one method in C# which has a parameter for the table.

Is this a good approach? I think if I have one form and I am choosing the table and fields to insert data into, I am essentially looking to write my own dynamic SQL query built on the fly. This is another thing altogether which I am sure has its catches?

Thanks

2
  • Not really, no, unless you do it in dynamic SQL. Commented Feb 21, 2010 at 20:44
  • Related: stackoverflow.com/questions/2285872/… Commented Feb 21, 2010 at 20:47

1 Answer

2

Not directly. The only way to do this is through dynamic SQL - either EXEC or sp_ExecuteSQL. The latter has the advantage of query cache/re-use, and avoiding injection via parameters for the values - but you will have to concatenate the table-name itself into the query (you can't parameterise it), so be sure to white-list it against a list of known-good table names.


1 Comment

Just what I thought re exec. Thanks.
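
The approach described in the answer above, written out as an added example (not code from the answer or its author): the table name is checked against an allow-list and the catalog, quoted with QUOTENAME, and only then concatenated, while the value travels as an sp_executesql parameter. The procedure name dbo.InsertNamedRow, the tables dbo.Customers and dbo.Suppliers, and the Name column are hypothetical.

```sql
-- Added example. dbo.InsertNamedRow, dbo.Customers, dbo.Suppliers and the
-- Name column are hypothetical names chosen for illustration.
CREATE PROCEDURE dbo.InsertNamedRow
    @TableName sysname,
    @Name      nvarchar(100)
AS
BEGIN
    SET NOCOUNT ON;

    -- Allow-list of known-good tables. The caller's string is only compared
    -- against these rows; it is never concatenated into the statement.
    DECLARE @Allowed TABLE (SchemaName sysname, TableName sysname);
    INSERT INTO @Allowed (SchemaName, TableName)
    VALUES (N'dbo', N'Customers'),
           (N'dbo', N'Suppliers');

    -- Build the identifier from the catalog's own spelling and quote it.
    DECLARE @Target nvarchar(517);
    SELECT @Target = QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
    FROM sys.tables  AS t
    JOIN sys.schemas AS s ON s.schema_id = t.schema_id
    JOIN @Allowed    AS a ON a.SchemaName = s.name
                         AND a.TableName  = t.name
    WHERE t.name = @TableName;

    IF @Target IS NULL
    BEGIN
        THROW 50001, N'Table name is not on the allow-list.', 1;
    END;

    -- Only the validated identifier is concatenated; the value stays a parameter.
    DECLARE @Sql nvarchar(max) =
        N'INSERT INTO ' + @Target + N' (Name) VALUES (@Name);';

    EXEC sys.sp_executesql
        @Sql,
        N'@Name nvarchar(100)',
        @Name = @Name;
END;
GO

-- Accepted: the name is on the allow-list and exists in the catalog.
EXEC dbo.InsertNamedRow @TableName = N'Customers', @Name = N'Contoso';
-- Rejected with error 50001 before any SQL text is built (constructed input).
EXEC dbo.InsertNamedRow @TableName = N'AuditLog', @Name = N'Contoso';
```

From C#, call the procedure with both arguments as ordinary SqlParameter values; the table name is then data until the procedure has validated it.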
