>
>Look at sp_executesql in TSQL. It has limits and can be a pain, but sometimes it is pretty handy.>
>Ahh. I read about it now in BOL.
>So something like this should work then:
>
>
>DECLARE @SQLString VARCHAR(500)
>
>SET @SQLString = 'SELECT ' + @ColumnName2Get + CHAR(13)
>SET @SQLString = @SQLString + 'WHERE condition_here'
>
>EXEC sp_executesql @SQLString
>
>Will rewrite and try it now. Thx.
Hey Alex
You can create the SQL in a stored procedure like that, but since you're going to call sp_ExecuteSQL you still have to watch out for SQL Injection attacks. I just finished an article for FPA on the proper way to prevent them. Keep an eye out for it.