Home/ Questions/Q 251359
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T21:35:16+00:00

I’m trying to create sql statement in TSQL that looks like this: INSERT INTO

  • 0

I’m trying to create sql statement in TSQL that looks like this:

INSERT INTO UsersTable (UserName) VALUES (@UserName)

This is easy until you’re trying to do it dynamically in T-Sql and @UserName is a varchar

The it looks like this:

SELECT @SQLInsert = 'INSERT INTO UsersTable (UserName) ' +
                    'VALUES (' + @UserName + ')'

Except of course this doesn’t work. How many ticks do I need to create ticks in a string???? Driving me crazy!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think the problem is your not quoting the @UserName string properly. The best practices way (and safe way) to do this is to use a parameterized query using sp_executesql. Below is how it would be done using sp_executesql (untested). I hope this helps.

    DECLARE @SQLInsert NVARCHAR(500)
DECLARE @paramDef NVARCHAR(500) 

SET @SQLInsert = 'INSERT INTO UsersTable (UserName)  VALUES ( @InsUserName )'

SET @paramDef = '@InsUserName NVARCHAR(50)'

EXECUTE sp_executesql @SQLInsert, @paramDef,
                      @InsUserName = @UserName;
    • 0