Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IN Clause problem 1

Status
Not open for further replies.
HardcoreTechnoHead

HardcoreTechnoHead

Technical User
Sep 19, 2002
17
0
0
GB
I have a Database which requires all access to be made through stored procedures for security/audit purposes.

What I need to do is pass the list of id's to search in an IN clause as a parameter of a stored procedure

i.e.
Create Procedure [GetOrgUserList]
@OrganisationList varchar(2048)
AS
SELECT UserId
FROM User
WHERE OrganisationId in (@OrganisationList)

@OrganisationList will take the form of
2,6,5,9,26

This causes an error when executed
Syntax error converting the varchar value '2,6' to a column of data type int.

I can wrap the select up into an execute statement such as
EXECUTE ('SELECT UserId FROM User WHERE OrganisationId IN (' + @OrganisationList + ')')

But this then requires select permission on the User table which is expressly forbidden

Any Ideas?

Andie Harper
"If you can keep your head when all around you have lost theirs, you probably haven't understood the seriousness of the situation"

 
Sort by date Sort by votes
You will probably have to use dynamic sql. Try this:

Create Procedure [GetOrgUserList]
@OrganisationList varchar(2048)
AS
declare @sql varchar(3000)
select @sql = 'SELECT UserId
FROM User
WHERE OrganisationId in (' + @OrganisationList + ')'
exec (@sql)

Hope this helps.
 
Upvote 0 Downvote
See thread183-450813. I recommend downloading and using fn_split if you are running SQL Server 2000. Otherwise, use the 1st solution in the referenced thread. If you want to get the best answer for your question read faq183-874 and thread183-468158.


Terry L. Broadbent - DBA
SQL Server Page:
 
Upvote 0 Downvote
More info

I'm using SQL Server 7

I have already stated tha the use of dynamic SQL is not allowed as this requires SELECT pemrissions on the USER table. As this is for a web applicaiton using a single SQL login, it is not possible to isolate permissions for specific users

Any other ides?

Andie Harper
"If you can keep your head when all around you have lost theirs, you probably haven't understood the seriousness of the situation"
 
Upvote 0 Downvote
Write your own parser. Parse the delimited string and insert the values into a temporary table. Then join the main table to the temp table. This solution is the SQL 7 version of fn_split. Check at SWYNK.COM for some parsing scripts.

If you want to get the best answer for your question read faq183-874 and thread183-468158.


Terry L. Broadbent - DBA
SQL Server Page:
 
Upvote 0 Downvote
The parser was a good idea, sometimes you need to step away from the problem to see the solutions.

Basically I parse the input paramter into a temporary table and use a select to produce the "IN" list

Thanks for the help Terry

Andie Harper
"If you can keep your head when all around you have lost theirs, you probably haven't understood the seriousness of the situation"
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
Error in Select query
Replies
14
Views
156
Andrzejek
Andrzejek
Andrzejek
  • Locked
  • Question
Eliminate pesky [ ] in SQL Management Studio
Replies
5
Views
119
SaltyTheFrog
SaltyTheFrog
Auguy
  • Locked
  • Question
Using UDF In Select, Bad Idea? 2
Replies
3
Views
86
Auguy
Auguy
Auguy
  • Locked
  • Question
Connection String in .NET program Config File 2
Replies
10
Views
139
Auguy
Auguy
BobThornton
  • Locked
  • Question
Drop a table based on the count of records in another table
Replies
13
Views
105
Chris Miller
Chris Miller

Part and Inventory Search

Sponsor

Back
Top