Home/ Questions/Q 401333
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T17:01:28+00:00

I have a sql server stored procedure that I use to backup data from

  • 0

I have a sql server stored procedure that I use to backup data from our database before doing an upgrade, and I’d really like it to be able to run the stored procedure on multiple databases by passing in the database name as a parameter. Is there an easy way to do this? The best I can figure is to dynamically build the sql in the stored procedure, but that feels like its the wrong way to do it.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There isn’t any other way to do this. Dynamic SQL is the only way; if you’ve got strict controls over DB names and who’s running it, then you’re okay just truncating everything together, but if there’s any doubt use QUOTENAME to escape the parameter safely:

    CREATE PROCEDURE doStuff
    @dbName NVARCHAR(50)
AS
    DECLARE @sql NVARCHAR(1000)

    SET @sql = 'SELECT stuff FROM ' + QUOTENAME(@dbName) + '..TableName WHERE stuff = otherstuff'

    EXEC sp_ExecuteSQL (@sql)

    Obviously, if there’s anything more being passed through then you’ll want to double-check any other input, and potentially use parameterised dynamic SQL, for example:

    CREATE PROCEDURE doStuff
    @dbName NVARCHAR(50)
    @someValue NVARCHAR(10)
AS
    DECLARE @sql NVARCHAR(1000)

    SET @sql = 'SELECT stuff FROM ' + QUOTENAME(@dbName) + '..TableName WHERE stuff = @pOtherStuff'

    EXEC sp_ExecuteSQL (@sql, '@pOtherStuff NVARCHAR(10)', @someValue)

    This then makes sure that parameters for the dynamic SQL are passed through safely and the chances for injection attacks are reduced. It also improves the chances that the execution plan associated with the query will get reused.

    • 0