SoftadminApi.SavedSearch_Sql

Type: Scalar function

Retrieves the parameters from a saved search and combines them with the menuitem's SQL.

The menu item in question can not use auto parameters ({p_cid}, {q_activityid}, etc.) other than session variables, and the values of those session variables must be provided when calling the function.

The menu item's stored procedure must use sp_executesql rather than EXEC if it uses dynamic SQL, or you risk security holes from SQL injection.

Return value: nvarchar(max)

A SQL string ready to be executed.

If the saved search contains parameters marked as obsolete then the return value is undefined.

Parameters

@SearchID mandatory int
ID of a saved search.
@SessionVariables mandatory xml
If the menu item's SQL references session variables (ex. {s_userid}) then you must provide them.

The XML should be on the form
<row name="userid" value="99" />
<row name="companyid" value="6" />
and is easiest generated using FOR XML RAW.

If you do not need to specifiy session variables then you can pass NULL.