I am trying to read the @NAME variable in the query but am getting a syntax error.
DECLARE @NAME AS VARCHAR(100)
SET @NAME = 'Jhon Smith'
select *
from openquery(
DATA_BASE,
'select * from where code = 'ADM-0001' and name = '+@NAME+' order by (id) desc')
You can do it this way:
You must be very careful when executing strings with concatenated values. It is the first step toward suffering from SQL injection. Here I leave an example of how to make the query in a more secure way, but it has the limitation that the parameter cannot be greater than 128 characters.
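Added example, not the answerer's code: one way to build the OPENQUERY statement with the value quoted at both nesting levels. It assumes the 128-character limit mentioned above comes from QUOTENAME, that the remote DBMS escapes a single quote by doubling it, and it uses `some_table` as a placeholder for the table name missing from the question.

```sql
-- Added example. DATA_BASE is the linked server from the question;
-- some_table is a placeholder for the table name missing from the question.
DECLARE @NAME  VARCHAR(100) = 'Jhon Smith';
DECLARE @lit   NVARCHAR(258);
DECLARE @inner NVARCHAR(MAX);
DECLARE @outer NVARCHAR(MAX);

-- Layer 1: turn the value into a quoted literal for the remote query.
-- QUOTENAME wraps it in single quotes and doubles any embedded quote.
-- It returns NULL when the input is NULL or longer than 128 characters.
SET @lit = QUOTENAME(@NAME, '''');
IF @lit IS NULL
BEGIN
    RAISERROR('name is NULL or longer than 128 characters', 16, 1);
    RETURN;
END

SET @inner = N'select * from some_table where code = ''ADM-0001'' and name = '
           + @lit + N' order by id desc';

-- Layer 2: OPENQUERY only accepts a string literal, not a variable or an
-- expression, so the whole inner query is embedded as a literal in a
-- dynamic statement. It can exceed 128 characters, so its quotes are
-- doubled with REPLACE instead of QUOTENAME.
SET @outer = N'select * from openquery(DATA_BASE, '''
           + REPLACE(@inner, N'''', N'''''') + N''')';

PRINT @outer;                    -- inspect the final statement before running it
EXEC sys.sp_executesql @outer;
```

Where the linked server has RPC Out enabled, `EXEC ('select ... where name = ?', @NAME) AT DATA_BASE` passes the value as a parameter and avoids the quoting altogether.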