I want to write one common stored procedure to insert data in any table of my database

Question

I have 6 table with different fields. I want to access table name dynamically. is there any idea to do it? My code is below this is simple procedure which I want to make dynamic

Answer 1

Its very easy to do.........

Just call the sql query using Data Adapter.

select TABLE_NAME from INFORMATION_SCHEMA.TABLES

Answer 2

As you said you need dynamic SQL like this:

Create procedure [dbo].[Insert_Data]
(
    @TableName nvarchar(512),
    @Values nvarchar(max)
)
BEGIN
    DECLARE @SQL nvarchar(max)
    SELECT @SQL = 'INSERT INTO ' + @TableName + ' VALUES (' + @Values + ')'
    EXEC(@SQL)
END

Note that @Values will be like this '1, ''name'', 10.2' and with the same order of columns.

or

Create procedure [dbo].[Insert_Data]
(
    @TableName nvarchar(512),
    @Fields nvarchar(max),
    @Values nvarchar(max)
)
BEGIN
    DECLARE @SQL nvarchar(max)
    SELECT @SQL = 'INSERT INTO ' + @TableName + ' (' + @Fields + ') VALUES (' + @Values + ')'
    EXEC(@SQL)
END

To more ability to handle column order and remove identity columns.

Answer 3

Don't go there.
It's a bad idea since you will end up with a long, inefficient stored procedure that will be vulnerable to SQL injection attacks and have performance issues.
Writing an insert stored procedure for each table is the way to go.

You wrote you have six different tables with different columns, so writing a stored procedure to handle inserts for all of them will require you to send all the parameters for all columns as well as a parameter for the table name, and a nested if...else with 6 possible paths, one for each table.
This will end up as a long, messy, poorly written code at best, bad in each parameter: security, performance, code readability and maintainability.

The only way that makes some sense to achieve such a goal is to write individual insert stored procedures for each table, and then write a stored procedure that will take all of the possible parameters and the table name and inside of it decide what insert stored procedure to execute based on the value of the table name parameter. However, you will be better off leaving conditions like these to the SQL client (your c# code in this case) then to SQL Server.

Answer 4

As Robert Harvey mentioned it is a bad idea, anyway if you want to you can do something like....

CREATE PROCEDURE Insert_Data
 @TableName     SYSNAME
,@Column1       SYSNAME         = NULL
,@Column2       SYSNAME         = NULL 
,@Column3       SYSNAME         = NULL
,@Value1        NVARCHAR(100)   = NULL
,@Value2        NVARCHAR(100)   = NULL
,@Value3        NVARCHAR(100)   = NULL
AS
BEGIN
  SET NOCOUNT ON;
  DECLARE @Sql NVARCHAR(MAX);

SET @Sql = N' INSERT INTO ' + QUOTENAME(@TableName) 
         + N' ( ' 
         + STUFF(
           CASE WHEN @Column1 IS NOT NULL 
                THEN N',' + QUOTENAME(@Column1) ELSE N'' END
         + CASE WHEN @Column2 IS NOT NULL 
                THEN N',' + QUOTENAME(@Column2) ELSE N'' END
         + CASE WHEN @Column3 IS NOT NULL 
                THEN N',' + QUOTENAME(@Column3) ELSE N'' END
                 ,1,1,'')
         + N' ) '
         + N' VALUES ( '
         +  STUFF(
           CASE WHEN @Value1 IS NOT NULL 
                 THEN N', @Value1' ELSE N'' END  
         + CASE WHEN @Value2 IS NOT NULL 
                 THEN N', @Value2' ELSE N'' END  
         + CASE WHEN @Value3 IS NOT NULL 
                 THEN N', @Value3' ELSE N'' END  
             ,1,1,'')
          + N' ) '

Exec sp_executesql @Sql
                  ,N'@Value1 NVARCHAR(100),@Value2 NVARCHAR(100),@Value3 NVARCHAR(100)'
                  ,@Value1
                  ,@Value2
                  ,@Value3
END