MSSQL: support EXEC (@SQL) dynamic SQL execution

yoabot-droid · yoabot-droid · commit 2b64f60aa251 · 2026-02-23T13:09:05.000+01:00
parse_execute() was consuming a second parameter list after already parsing the parenthesised name expression, causing parse failures on any token that immediately followed EXEC (@SQL). Fixed by tracking whether the name was itself wrapped in parens; when it is, skip the parameter-list scan and leave no tokens consumed for the caller to mis-interpret. Adds test_exec_dynamic_sql covering both the standalone form and the case where a subsequent statement follows on the next line.
diff --git a/src/parser/mod.rs b/src/parser/mod.rs
@@ -18536,6 +18536,9 @@ impl<'a> Parser<'a> {
 
     /// Parse a SQL `EXECUTE` statement
     pub fn parse_execute(&mut self) -> Result<Statement, ParserError> {
+        // Track whether the procedure/expression name itself was wrapped in parens,
+        // i.e. `EXEC (@sql)` (dynamic string execution) vs `EXEC sp_name`.
+        // When the name has parens there are no additional parameters.
         let name = if self.dialect.supports_execute_immediate()
             && self.parse_keyword(Keyword::IMMEDIATE)
         {
@@ -18546,10 +18549,18 @@ impl<'a> Parser<'a> {
             if has_parentheses {
                 self.expect_token(&Token::RParen)?;
             }
-            Some(name)
+            Some((name, has_parentheses))
         };
 
-        let has_parentheses = self.consume_token(&Token::LParen);
+        let name_had_parentheses = name.as_ref().map(|(_, p)| *p).unwrap_or(false);
+
+        // Only look for a parameter list when the name was NOT wrapped in parens.
+        // `EXEC (@sql)` is dynamic SQL execution and takes no parameters here.
+        let has_parentheses = if name_had_parentheses {
+            false
+        } else {
+            self.consume_token(&Token::LParen)
+        };
 
         let end_kws = &[Keyword::USING, Keyword::OUTPUT, Keyword::DEFAULT];
         let end_token = match (has_parentheses, self.peek_token().token) {
@@ -18559,12 +18570,18 @@ impl<'a> Parser<'a> {
             (false, _) => Token::SemiColon,
         };
 
-        let parameters = self.parse_comma_separated0(Parser::parse_expr, end_token)?;
+        let parameters = if name_had_parentheses {
+            vec![]
+        } else {
+            self.parse_comma_separated0(Parser::parse_expr, end_token)?
+        };
 
         if has_parentheses {
             self.expect_token(&Token::RParen)?;
         }
 
+        let name = name.map(|(n, _)| n);
+
         let into = if self.parse_keyword(Keyword::INTO) {
             self.parse_comma_separated(Self::parse_identifier)?
         } else {
diff --git a/tests/sqlparser_mssql.rs b/tests/sqlparser_mssql.rs
@@ -2730,3 +2730,26 @@ fn parse_mssql_tran_shorthand() {
     // ROLLBACK TRAN normalizes to ROLLBACK (same as ROLLBACK TRANSACTION)
     ms().one_statement_parses_to("ROLLBACK TRAN", "ROLLBACK");
 }
+
+#[test]
+fn test_exec_dynamic_sql() {
+    // EXEC (@sql) executes a dynamic SQL string held in a variable.
+    // It must parse as a single Execute statement and not attempt to parse
+    // parameters after the closing paren.
+    let stmts = tsql()
+        .parse_sql_statements("EXEC (@sql)")
+        .expect("EXEC (@sql) should parse");
+    assert_eq!(stmts.len(), 1);
+    assert!(
+        matches!(&stmts[0], Statement::Execute { .. }),
+        "expected Execute, got: {:?}",
+        stmts[0]
+    );
+
+    // Verify that a statement following EXEC (@sql) on the next line is parsed
+    // as a separate statement and not consumed as a parameter.
+    let stmts = tsql()
+        .parse_sql_statements("EXEC (@sql)\nDROP TABLE #tmp")
+        .expect("EXEC (@sql) followed by DROP TABLE should parse");
+    assert_eq!(stmts.len(), 2);
+}
