CREATE PROCEDURE [cn4b145].[PF_Search] @sqlstr nvarchar(200),@tablename nvarchar(50),@keys nvarchar(50),@keyfield nvarchar(50)AS BEGIN declare @sql nvarchar(200) SET NOCOUNT ON; set @sql='select '+@sqlstr+' from '+@tablename+' where '+@keyfield+' like '+''''+'%'+@keys+'%'+''''
exec(@sql) END GO 这个是我些得模糊查询,遇到”'“得时候出错
CREATE PROCEDURE [cn4b145].[PF_Search] @sqlstr nvarchar(200),@tablename nvarchar(50),@keys nvarchar(50),@keyfield nvarchar(50) AS BEGIN declare @sql nvarchar(200) SET NOCOUNT ON; set @sql='select '+@sqlstr+' from '+@tablename+' where '+@keyfield+' like '+''''+'%'+@keys+'%'+'''' exec(@sql) END GO
key.Replace("'", "''")
或者在 SQL 语句中用参数。
CREATE PROCEDURE [cn4b145].[PF_Search]
@sqlstr nvarchar(200),@tablename nvarchar(50),@keys nvarchar(50),@keyfield nvarchar(50)AS
BEGIN
declare @sql nvarchar(200)
SET NOCOUNT ON;
set @sql='select '+@sqlstr+' from '+@tablename+' where '+@keyfield+' like '+''''+'%'+@keys+'%'+''''
exec(@sql)
END
GO
这个是我些得模糊查询,遇到”'“得时候出错
CREATE PROCEDURE [cn4b145].[PF_Search]
@sqlstr nvarchar(200),@tablename nvarchar(50),@keys nvarchar(50),@keyfield nvarchar(50) AS
BEGIN
declare @sql nvarchar(200)
SET NOCOUNT ON;
set @sql='select '+@sqlstr+' from '+@tablename+' where '+@keyfield+' like '+''''+'%'+@keys+'%'+'''' exec(@sql)
END
GO