Ok, so in SQL I have this basic stored procedure:
DROP PROCEDURE MYTEST
GO
CREATE PROCEDURE MYTEST (@ItemCode nvarchar(20))
AS
BEGIN
exec SP_EXECUTESQL N'select ItemCode, ItemName from OITM where ItemCode = @ItemCode', N'@ItemCode nvarchar(20)', @ItemCode = @ItemCode
END
GO
exec MYTEST 'LM4029'
Now in HANA I have not found a way to execute a dynamic query without sending parameters to the EXECUTE IMMEDIATE syntax. The only way is putting the variable value directly in the query; this leaves room for SQL injection, which I avoid in SQL and I don't want to open up in HANA. Is there any solution for this, or will it be done in the future?
DROP PROCEDURE MYTEST;
CREATE PROCEDURE MYTEST (IN ItemCode nvarchar(20))
AS
BEGIN
EXECUTE IMMEDIATE('select "ItemCode", "ItemName" from OITM where "ItemCode" = ''' || :ItemCode || '''');
END;
call MYTEST('LM4029');
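
Added example, not part of the original post: two SQLScript variants of the procedure above that keep the caller's value from being parsed as statement text. It assumes a HANA revision whose SQLScript accepts the USING clause on EXECUTE IMMEDIATE and provides the built-in ESCAPE_SINGLE_QUOTES function; the procedure names MYTEST_BOUND and MYTEST_ESCAPED are hypothetical.

```sql
-- Variant 1 (assumes EXECUTE IMMEDIATE ... USING is available):
-- the statement text is a constant and the value is bound to the "?"
-- placeholder, so it is never part of the SQL that gets parsed.
CREATE PROCEDURE MYTEST_BOUND (IN ItemCode nvarchar(20))
AS
BEGIN
    EXECUTE IMMEDIATE
        'select "ItemCode", "ItemName" from OITM where "ItemCode" = ?'
        USING :ItemCode;
END;

-- Variant 2 (fallback when USING is not available):
-- the value is still concatenated, but ESCAPE_SINGLE_QUOTES doubles every
-- single quote first, so the input cannot close the string literal.
CREATE PROCEDURE MYTEST_ESCAPED (IN ItemCode nvarchar(20))
AS
BEGIN
    EXECUTE IMMEDIATE
        'select "ItemCode", "ItemName" from OITM where "ItemCode" = '''
        || ESCAPE_SINGLE_QUOTES(:ItemCode)
        || '''';
END;

-- Normal lookup, same item code as in the post.
CALL MYTEST_BOUND('LM4029');
CALL MYTEST_ESCAPED('LM4029');

-- Constructed check value containing quotes: both variants compare it as
-- one literal item code, so no row is returned unless an item with exactly
-- that code exists.
CALL MYTEST_BOUND('x'' OR ''1''=''1');
CALL MYTEST_ESCAPED('x'' OR ''1''=''1');
```

Variant 1 is the closer equivalent of the SP_EXECUTESQL call; variant 2 only protects values placed inside single-quoted literals, not identifiers or other parts of the statement.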