1 
SqlCommand s2 = new SqlCommand();
s2.CommandText = @"declare @sql nvarchar(max);

set @sql = 'select sys_RespNum from ' + quotename(@tableName) + 'where' + 'respid' + 'in' + '(' + @emails + ')';
exec (@sql);

What's wrong with the code? I get an error:

Incorrect syntax near @emails

Improve this question
2
  • Note that you should not build SQL commands with string concatenation, it is extremely dangerous because it's so easy to hack. Instead you should use the overload of the Query method you're using to supply the parameters separately. Commented Mar 4, 2019 at 16:28
  • 3
    Print your SQL string, you missed several spaces Commented Mar 4, 2019 at 16:38

1 Answer 1

Reset to default
3

you missed space

set @sql = 'select sys_RespNum from ' + quotename(@tableName) + ' where ' + ' respid ' + ' in ' + '( ' + @emails + ' )';
exec (@sql);
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Incorrect syntax near '[email protected]'. Still error
@LukeMarkLorenzoBadeo check now there will be another space after parenthesis
That could just be ... + ' where respid in (' + ... instead. That way it's easier to see the need for the spaces.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.