If you do not filter, you should be careful about SQL injection attack.
create procedure sp_CalcExpression @ Expression varchar (8000), @ decimal (10,2) outasdeclare @sql nvarchar (4000) set @sql = N'set @ = ' @Expressionexec SP_EXECUTESQL @sql, N' @ decimal (10,2) Out ', @ outselect @
- ============================== - Call example: declare @x decimal (10, 2) Exec sp_calcexpression '( 100 2.1) * 0.01 ', @x outselect @X
- ====================================== - Related posts: Data Varbinary and VARCHAR transformation problem http: // community. 9cbs.net/expert/topicview.asp?id=3619946
Ask a data type conversion problem http://community.9cbs.net/expert/topicview.asp?id=3569862
- ================ - The following is create procedure sp_execExpression @ expression varchar (8000), @ varchar (8000) Outasdeclare @SQL nVARCHAR (4000) Set @SQL = N'SET @ = ' @ExecuteSQL @SQL, N' @ varchar (8000) OUT ', @ outselect @
- Call example: declare @x varchar (100) exec sp_execExpression 'left (' 'abcd', 2) ', @ x
