ALTER proc [dbo].[Search]
@tabel varchar(10), /*表名*/
@a varchar(10),/*列名*/
@b VarChar(50)/*查询参数*/
as
begin
declare @sql as varchar(100) set @sql='select * from '+@tabel+' where '+@b+' =gggg'/*这里提示列名gggg无效,按道理应是@b是列名*/
exec(@sql)
end
/*以上执行没问题,可到了程序运行就不行了*/
for try
@tabel varchar(10), /*表名*/
@a varchar(10),/*列名*/
@b VarChar(50)/*查询参数*/
as
begin
declare @sql as varchar(100)
set @tabel=@tabel
set @b=@b
set @sql = 'select ID from '+@tabel+' where '+@a+' = ''@b'''/*改过之后不管什么条件查询都提有,不知哪又不对了*/
exec(@sql)
end
try:
ALTER proc [dbo].[Search]
@tabel varchar(10), /*表名*/
@a varchar(10),/*列名*/
@b VarChar(50)/*查询参数*/
as
begin
declare @sql as varchar(100)
set @tabel=@tabel
set @b=@b
set @sql = 'select ID from '+@tabel+' where '+@a+' = '''+@b+''''/*要搞清楚哪个是参数,哪个是字符串*/
exec(@sql)
end
set @sql = 'select ID from '+@tabel+' where '+@a+'='''+@b+''''/*是三个,提交查询参数后,(比如查询列名A是否有参数@b时总是提示有*/
/// <summary>
///search 对表进行查询 返回1表示有,0表示没有
/// </summary>
/// <param name="tabel">要查询的表名</param>
/// <param name="a">要查询的列名</param>
/// <param name="b">要查询的参数</param>
public string seach(string tabel,string a,string b)
{
data.Open();
SqlCommand comm = new SqlCommand("Search", data.con);
comm.CommandType = CommandType.StoredProcedure;
comm.Parameters.Add(new SqlParameter("@tabel", SqlDbType.VarChar, 10)).Value = tabel ;
comm.Parameters.Add(new SqlParameter("@a", SqlDbType.VarChar, 10)).Value = a;
comm.Parameters.Add(new SqlParameter("@b", SqlDbType.VarChar, 50)).Value = b;
SqlDataReader dr = data.ExecSql(comm);
string r = "0";
if (!dr.Read())
{
r = "1";
}
data.Close();
data.Dispose();
return r;
}
}
这是我的程序代码
@tabel varchar(10), /*表名*/
@a varchar(10),/*列名*/
@b VarChar(50)/*查询参数*/
as
begin
declare @sql as varchar(100)
set @tabel=@tabel
set @b=@b
set @sql = 'select ID from '+@tabel+' where '+@a+' = ''@b'''/*改过之后不管什么条件查询都提有,不知哪又不对了*/
select @sql--你输出出这段代码看看
exec(@sql)
end
放进之后又提示没有
if (dr.Read()) /*这个不管有!还是没有!都达不到效果*/
{
r = "1";
}
加入select @sql这和没有加返回的结果相反,但不管条件真假返回的都是一种结果。
我想还储存过程不对
set @tabel=@tabel
set @b=@b
这两句在后来的调试中给删了,运行正常。
谢ojlovecd 的大力帮助。
set @sql='select * from '+@tabel+' where '+@b+' =''gggg'''