>>>He didn't say ANY COMBINATION OF THE 3 PARAMETERS. Who said anything about t-sql? You create the dynamic sql statement in your code and execute it as a sql command. We do this alot. Also, there are ways of creating the dynamic sql in t-sql also, but I guess that is beyond basic t-sql.
>>
>>I guess we read the question completely differently. He posted an SP and I assumed we want to be able to handle NULL (empty) parameters in this SP.
>>
>>We can generate dynamic SQL in the code, of course, but then we should take measures against SQL injection attacks.
>
>
>You know.. .I'm done with this thread. I'll leave it up to you to solve his problems since you appear to have all the answers.... Have fun...
Hi John,
I think I figured out what did you mean with your original statement. You meant to loop through parameters collection and costruct your parameterized where clause, sort of SQL Where Builder. I didn't understand it fully before, sometimes it takes time for me to let the idea sink in the brain.
If it's not broken, fix it until it is.
My Blog