用户搜索的模糊查询存储过程,like的部分有语法错误,
请大家更正一下,谢谢。Alter procedure SelectBySearch
@category varchar(255),
@bookName varchar(50),
@keywords varchar(30),
@press varchar(20),
@isbn varchar(20),
@publishTime datetime,
@addTime datetime
as
declare @sql varchar(1000),
@tempselect varchar(1000),
@tempwhere varchar(1000),
@datebase varchar(100)
begin
select @tempselect='BookInfo.*,',@tempwhere='1=1 and',@datebase='BookInfo'
if @category<>null
select @datebase=@datebase+',Category',
@tempselect=@tempselect+'CategoryName,',@tempwhere=@tempwhere+'CategoryName like"%'+@category+'%" and Category.Id=BookInfo.CategoryId and'
if @bookName<>null
select @tempwhere=@tempwhere+'BookName like''%'+@bookName+'%'' and'
if @keywords<>null
select @tempwhere=@tempwhere+'Description like''%'+@keywords+'%'' and'
if @press<>null
select @tempwhere=@tempwhere+'press like''%'+@press+'%'' and'
if @isbn<>null
select @tempwhere=@tempwhere+'ISBN like''%'+@isbn+'%'' and'
if @publishTime<>null
select @tempwhere=@tempwhere+' datediff(d,CONVERT(varchar(10), PublishTime, 120 ),CONVERT(varchar(10),'+@publishTime+',120)=0 and'
if @addTime<>null
select @tempwhere=@tempwhere+' datediff(d,CONVERT(varchar(10), AddTime, 120 ),CONVERT(varchar(10),'+@addTime+',120)=0'
exec('select ' +@tempselect+' from'+ @datebase+' where ' +@tempwhere)
end
go
请大家更正一下,谢谢。Alter procedure SelectBySearch
@category varchar(255),
@bookName varchar(50),
@keywords varchar(30),
@press varchar(20),
@isbn varchar(20),
@publishTime datetime,
@addTime datetime
as
declare @sql varchar(1000),
@tempselect varchar(1000),
@tempwhere varchar(1000),
@datebase varchar(100)
begin
select @tempselect='BookInfo.*,',@tempwhere='1=1 and',@datebase='BookInfo'
if @category<>null
select @datebase=@datebase+',Category',
@tempselect=@tempselect+'CategoryName,',@tempwhere=@tempwhere+'CategoryName like"%'+@category+'%" and Category.Id=BookInfo.CategoryId and'
if @bookName<>null
select @tempwhere=@tempwhere+'BookName like''%'+@bookName+'%'' and'
if @keywords<>null
select @tempwhere=@tempwhere+'Description like''%'+@keywords+'%'' and'
if @press<>null
select @tempwhere=@tempwhere+'press like''%'+@press+'%'' and'
if @isbn<>null
select @tempwhere=@tempwhere+'ISBN like''%'+@isbn+'%'' and'
if @publishTime<>null
select @tempwhere=@tempwhere+' datediff(d,CONVERT(varchar(10), PublishTime, 120 ),CONVERT(varchar(10),'+@publishTime+',120)=0 and'
if @addTime<>null
select @tempwhere=@tempwhere+' datediff(d,CONVERT(varchar(10), AddTime, 120 ),CONVERT(varchar(10),'+@addTime+',120)=0'
exec('select ' +@tempselect+' from'+ @datebase+' where ' +@tempwhere)
end
go
Alter procedure SelectBySearch
@category varchar(255),
@bookName varchar(50),
@keywords varchar(30),
@press varchar(20),
@isbn varchar(20),
@publishTime datetime,
@addTime datetime
as
declare @sql varchar(1000),
@tempselect varchar(1000),
@tempwhere varchar(1000),
@datebase varchar(100)
begin
select @tempselect='BookInfo.*,',@tempwhere='1=1 and',@datebase='BookInfo'
if @category<>null
select @datebase=@datebase+',Category',
@tempselect=@tempselect+'CategoryName,',@tempwhere=@tempwhere+'CategoryName like ''%'+@category+'%'' and Category.Id=BookInfo.CategoryId and'
if @bookName<>null
select @tempwhere=@tempwhere+'BookName like ''%'+@bookName+'%'' and'
if @keywords<>null
select @tempwhere=@tempwhere+'Description like ''%'+@keywords+'%'' and'
if @press<>null
select @tempwhere=@tempwhere+'press like ''%'+@press+'%'' and'
if @isbn<>null
select @tempwhere=@tempwhere+'ISBN like ''%'+@isbn+'%'' and'
if @publishTime<>null
select @tempwhere=@tempwhere+' datediff(d,CONVERT(varchar(10), PublishTime, 120 ),CONVERT(varchar(10),'+@publishTime+',120)=0 and'
if @addTime<>null
select @tempwhere=@tempwhere+' datediff(d,CONVERT(varchar(10), AddTime, 120 ),CONVERT(varchar(10),'+@addTime+',120)=0'
exec('select ' +@tempselect+' from'+ @datebase+' where ' +@tempwhere)
end
go
--动态sql语句基本语法
1 :普通SQL语句可以用Exec执行 eg: Select * from tableName
Exec('select * from tableName')
Exec sp_executesql N'select * from tableName' -- 请注意字符串前一定要加N 2:字段名,表名,数据库名之类作为变量时,必须用动态SQL eg:
declare @fname varchar(20)
set @fname = 'FiledName'
Select @fname from tableName -- 错误,不会提示错误,但结果为固定值FiledName,并非所要。
Exec('select ' + @fname + ' from tableName') -- 请注意 加号前后的 单引号的边上加空格 当然将字符串改成变量的形式也可
declare @fname varchar(20)
set @fname = 'FiledName' --设置字段名 declare @s varchar(1000)
set @s = 'select ' + @fname + ' from tableName'
Exec(@s) -- 成功
exec sp_executesql @s -- 此句会报错 declare @s Nvarchar(1000) -- 注意此处改为nvarchar(1000)
set @s = 'select ' + @fname + ' from tableName'
Exec(@s) -- 成功
exec sp_executesql @s -- 此句正确 3. 输出参数
declare @num int,
@sqls nvarchar(4000)
set @sqls='select count(*) from tableName'
exec(@sqls)
--如何将exec执行结果放入变量中? declare @num int,
@sqls nvarchar(4000)
set @sqls='select @a=count(*) from tableName '
exec sp_executesql @sqls,N'@a int output',@num output
select @num
Alter procedure SelectBySearch
@category varchar(255),
@bookName varchar(50),
@keywords varchar(30),
@press varchar(20),
@isbn varchar(20),
@publishTime datetime,
@addTime datetime
as
declare @sql varchar(1000),
@tempselect varchar(1000),
@tempwhere varchar(1000),
@datebase varchar(100)
begin
select @tempselect='BookInfo.*,',@tempwhere='1=1 and ',@datebase='BookInfo'
if @category<>null
select @datebase=@datebase+',Category',
@tempselect=@tempselect+'CategoryName',@tempwhere=@tempwhere+'CategoryName like ''%'+@category+'%'' and Category.Id=BookInfo.CategoryId'
if @bookName<>null
select @tempwhere=@tempwhere+' and BookName like ''%'+@bookName+'%'''
if @keywords<>null
select @tempwhere=@tempwhere+' and Description like ''%'+@keywords+'%'''
if @press<>null
select @tempwhere=@tempwhere+' and press like ''%'+@press+'%'''
if @isbn<>null
select @tempwhere=@tempwhere+' and ISBN like ''%'+@isbn+'%'''
if @publishTime<>null
select @tempwhere=@tempwhere+' and datediff(d,CONVERT(varchar(10), PublishTime, 120 ),CONVERT(varchar(10),'+@publishTime+',120)=0'
if @addTime<>null
select @tempwhere=@tempwhere+' and datediff(d,CONVERT(varchar(10), AddTime, 120 ),CONVERT(varchar(10),'+@addTime+',120)=0'
exec('select ' +@tempselect+' from '+ @datebase+' where ' +@tempwhere)
end
go
但用存储过程执行,提示关键字 'from' 附近有语法错误。
你把:
exec('select ' +@tempselect+' from '+ @datebase+' where ' +@tempwhere)换成
print('select ' +@tempselect+' from '+ @datebase+' where ' +@tempwhere)然后你就知道错误在哪里了.
select BookInfo.*, from BookInfo where 1=1 and
字符串没有连接上参数