
I'm currently working with a stored procedure that executes an INSERT statement using EXEC sp_executesql. The procedure takes several parameters, including @TRANSACTIONNUM, @CUSTOMERNUM, @VALUE, and @VALID. The value of @VALID is currently hardcoded to 0. However, I need to dynamically set the value of @VALID based on certain conditions whenever the SP is called.

The challenge is that this stored procedure is being called by a software application, and we cannot afford to update the software or take the server down at this time to make changes.

One possible solution I've heard of is a wrapper function. However, I'm not sure if this would be feasible or if there are any potential pitfalls or limitations to consider.

Here's the current stored procedure called by the above-mentioned software (grabbed from SQL Profiler):

EXEC sp_executesql
N'
    INSERT INTO CUSTOMERINVEST
    (
        TRANSACTIONNUM,
        CUSTOMERNUM,
        VALUE,
        VALID
    )
    VALUES
    (
        @TRANSACTIONNUM,
        @CUSTOMERNUM,
        @VALUE,
        @VALID
    )
',
N'
    @TRANSACTIONNUM nvarchar(25),
    @CUSTOMERNUM nvarchar(25),
    @VALUE nvarchar(25),
    @VALID int
',
@TRANSACTIONNUM = '4567654-879975',
@CUSTOMERNUM = '7654666765',
@VALUE = '86786765675',
@VALID = 0
  • Are you really using both SQL Server 2005 and 2008? Both are completely unsupported, and have been for around 8 and 5 years respectively; you really need to implement your upgrade plans that you (presumably) finalised around a decade ago.
    – Thom A
    Commented Jun 4 at 12:15
  • I honestly can't even see a good reason for using sys.sp_executesql either; normally it would be used for dynamic statements, but there's nothing dynamic about your statement at all.
    – Thom A
    Commented Jun 4 at 12:17
  • @ThomA actually we are planning to move forward but are not 100% ready!
    – zolei
    Commented Jun 4 at 12:19
  • Does this application call sp_executesql directly or does it call some stored procedure that calls sp_executesql? That's a big difference. If you're just executing what you wrote in your question, you're out of luck, because you shouldn't override sp_executesql (it's a system procedure). Well, you can have an INSTEAD OF trigger that manipulates VALID according to your business rules and inserts the proper values.
    Commented Jun 4 at 12:22
  • You might not be able to afford to update, but I certainly doubt you'd be able to afford a fine if your data is breached. The server doesn't even support "modern" TLS protocols. TLS1.0 and TLS1.1 are almost considered as unencrypted by modern standards.
    – Thom A
    Commented Jun 4 at 12:32

1 Answer

In SQL Server 2008 try creating this wrapper stored procedure:

CREATE PROCEDURE dbo.WrapperInsertCustomerInvest
    @TRANSACTIONNUM nvarchar(25),
    @CUSTOMERNUM nvarchar(25),
    @VALUE nvarchar(25)
AS
BEGIN
    DECLARE @VALID int;

    -- Determine the value of @VALID based on your conditions
    -- Example condition: set @VALID to 1 if @VALUE is greater than a certain amount
    IF CAST(@VALUE AS BIGINT) > 1000000
    BEGIN
        SET @VALID = 1;
    END
    ELSE
    BEGIN
        SET @VALID = 0;
    END

    -- Call the original INSERT statement using sp_executesql
    DECLARE @sql nvarchar(max);
    SET @sql = N'
    INSERT INTO CUSTOMERINVEST
    (
        TRANSACTIONNUM,
        CUSTOMERNUM,
        VALUE,
        VALID
    )
    VALUES
    (
        @TRANSACTIONNUM,
        @CUSTOMERNUM,
        @VALUE,
        @VALID
    )';

    EXEC sp_executesql
        @sql,
        N'@TRANSACTIONNUM nvarchar(25), @CUSTOMERNUM nvarchar(25), @VALUE nvarchar(25), @VALID int',
        @TRANSACTIONNUM = @TRANSACTIONNUM,
        @CUSTOMERNUM = @CUSTOMERNUM,
        @VALUE = @VALUE,
        @VALID = @VALID;
END
  • @player0 does it also work on SQL 2005?
    – zolei
    Commented Jun 4 at 14:01
  • @zolei yes, should be compatible
    – player0
    Commented Jun 4 at 14:02
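
The INSTEAD OF trigger suggested in the comments on the question, written out as an added example (not code from any poster on this page). It assumes the table is dbo.CUSTOMERINVEST with only the four columns shown, uses a hypothetical trigger name, and borrows the answer's example condition (VALUE greater than 1000000) as a stand-in for the real business rule.

```sql
-- Added example, not code from the question, comments or answer.
-- Assumptions: the table is dbo.CUSTOMERINVEST with only the four columns shown
-- in the question; the trigger name is hypothetical; the rule (VALUE > 1000000)
-- is the answer's example condition, standing in for the real business rule.
CREATE TRIGGER dbo.trg_CUSTOMERINVEST_SetValid
ON dbo.CUSTOMERINVEST
INSTEAD OF INSERT
AS
BEGIN
    -- Suppress the extra "rows affected" message from the INSERT below.
    SET NOCOUNT ON;

    -- Set-based: one statement covers single-row and multi-row inserts.
    -- The VALID value sent by the caller (always 0 here) is ignored.
    INSERT INTO dbo.CUSTOMERINVEST (TRANSACTIONNUM, CUSTOMERNUM, VALUE, VALID)
    SELECT
        i.TRANSACTIONNUM,
        i.CUSTOMERNUM,
        i.VALUE,
        CASE
            -- Cast only strings of 1 to 18 ASCII digits, which always fit in
            -- BIGINT. TRY_CAST does not exist on SQL Server 2005/2008, so the
            -- digit check comes first; NULL, empty or non-numeric VALUE gets 0
            -- instead of raising a conversion error. The binary collation keeps
            -- the [0-9] range to code points 48-57 only.
            WHEN i.VALUE COLLATE Latin1_General_BIN NOT LIKE N'%[^0-9]%'
                 AND LEN(i.VALUE) BETWEEN 1 AND 18
                THEN CASE WHEN CAST(i.VALUE AS BIGINT) > 1000000 THEN 1 ELSE 0 END
            ELSE 0
        END
    FROM inserted AS i;
END
GO

-- Constructed check, reusing the statement captured in the question:
EXEC sp_executesql
    N'INSERT INTO CUSTOMERINVEST (TRANSACTIONNUM, CUSTOMERNUM, VALUE, VALID)
      VALUES (@TRANSACTIONNUM, @CUSTOMERNUM, @VALUE, @VALID)',
    N'@TRANSACTIONNUM nvarchar(25), @CUSTOMERNUM nvarchar(25), @VALUE nvarchar(25), @VALID int',
    @TRANSACTIONNUM = N'4567654-879975', @CUSTOMERNUM = N'7654666765',
    @VALUE = N'86786765675', @VALID = 0;

SELECT TRANSACTIONNUM, VALUE, VALID FROM dbo.CUSTOMERINVEST
WHERE TRANSACTIONNUM = N'4567654-879975';
```

The trigger applies to every INSERT against the table, not only the application's, so any other writer that sets VALID itself will have its value overridden as well.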
