Using table names as parameters in t-sql (eg from @tblname)

Question

Is it possible to use the name of a table as a parameter in t-sql?

I want to insert data into a table, but I want one method in C# which has a parameter for the table.

Is this a good approach? I think if I have one form and I am choosing the table and fields to insert data into, I am essentially looking to write my own dynamic sql query built on the fly. This is another thing altogether which I am sure has its catches?

Thanks

Related: http://stackoverflow.com/questions/2285872/how-do-i-execute-sql-text-passed-as-an-sp-parameter — OMG Ponies, Feb 21 '10 at 20:47

score 2 · Accepted Answer · answered Feb 21 '10 at 20:44

2

Not directly. The only way to do this is through dynamic SQL - either EXEC or sp_ExecuteSQL. The latter has the advantage of query cache/re-use, and avoiding injection via parameters for the values - but you will have to concatenate the table-name itself into the query (you can't parameterise it), so be sure to white-list it against a list of known-good table names.

answered Feb 21 '10 at 20:44

Marc Gravell

1,026,079
266
2,566
2,900

Just what I thought re exec. Thanks. – GurdeepS Feb 21 '10 at 20:58

Using table names as parameters in t-sql (eg from @tblname)

1 Answers1