Home > IT Answers > Development > Can you force a user input in a SQL statement, then have the statement continue running
Bugsy
5 pts.
 Can you force a user input in a SQL statement, then have the statement continue running
SQL, SQL Server development, SQL statements
Hi, Can one in an sql statement , when run in sql, force a user input to be entered and when entered, the sql continues to completing

Software/Hardware used:
ASKED: March 25, 2009  11:55 AM
UPDATED: March 26, 2009  8:57 PM
RELATED QUESTIONS
Answer Wiki:
It's probably possible if you give users direct access to the SQL CLI prompt, but that's a very bad idea. What are you trying to accomplish, specifically? You should always take in input, make sure to sanitize it, and only then incorporate it into the SQL command and run that. <a href="http://xkcd.com/327/">xkcd</a> has a humorous but real example of the huge security problems you introduce by not properly sanitizing input.
Last Wiki Answer Submitted:  March 25, 2009  3:21 pm  by  YuvalShavit   905 pts.
All Answer Wiki Contributors:  YuvalShavit   905 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 

Microsoft SQL Server doesn’t provide a way to do this. All inputs have to be supplied by the user before the code is executed against the database. If you are using Oracle however it can prompt the user for input when using SQLPlus. (You didn’t specify the platform you are using)

What ever front end you are using should handle the input of data from the user. Let the database simply handle the data processing and storage.

Denny Cherry
 64,550 pts.