我想创建一个存储过程,其中查询语句后的WHERE判断条件想用参数的方式调用,但不行,应该怎么写呢?
CREATE PROCEDURE dbo.sp_sh_zy
@WHERE varchar(100)
AS
-- Does not work as written: T-SQL treats @WHERE as a scalar value, not as a
-- piece of statement text, so a variable cannot stand in for a whole WHERE
-- clause and the SELECT below is rejected as a syntax error.
select * from T1 @WHERE
GO
-------------------------------------------EXEC 'where rq='2009-01-01''
-----------------------------------------------
CREATE PROCEDURE dbo.sp_sh_zy
@WHERE varchar(100)
AS
-- Quoted from the question: a variable placed where a clause is expected is
-- not expanded into SQL text, so this statement does not parse.
select * from T1 @WHERE
GO
-------------------------------------------EXEC 'where rq='2009-01-01''
-----------------------------------------------
CREATE PROCEDURE dbo.sp_sh_zy
    @WHERE varchar(100)
AS
BEGIN
    -- Builds the statement as text and runs it with EXEC(), which is what lets
    -- the caller supply the whole WHERE clause.
    --
    -- SECURITY: @WHERE is spliced into the statement unchanged, so whoever
    -- controls the argument controls the SQL that runs (SQL injection).
    -- Only call this with clause text that the application itself built.
    -- For user-supplied filter values, prefer typed parameters (for example a
    -- date) bound through sp_executesql, so the value is never parsed as SQL.
    DECLARE @stmt varchar(200)
    SET @stmt = 'select * from T1 ' + @WHERE + ';'
    EXEC (@stmt)
END
GO
------------------------------------------- EXEC sp_sh_zy 'where rq=''2009-01-01'''
-----------------------------------------------
----------------------------------------------- 执行语句要这样写
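-- Notes on dynamic SQL in T-SQL. Each numbered example is meant to be run on
-- its own; variables are re-declared between examples.

-- 1. A plain, fixed SQL statement can be run through EXEC,
--    e.g. for: Select * from tableName
Exec('select * from tableName')
Exec sp_executesql N'select * from tableName' -- the N prefix is required: sp_executesql only accepts a Unicode string

-- 2. When a column, table or database name is held in a variable, the
--    statement has to be built as dynamic SQL.
--    SECURITY: the name is concatenated into the statement text, so it must
--    never come straight from user input. Check it against a fixed list of
--    allowed names (or the catalog) and wrap it with QUOTENAME() before
--    concatenating. Values, as opposed to names, should be passed as
--    sp_executesql parameters rather than concatenated.
declare @fname varchar(20)
set @fname = 'FiledName'
Select @fname from tableName -- wrong: raises no error, but returns the constant 'FiledName' rather than the column
Exec('select ' + @fname + ' from tableName') -- note the spaces kept inside the quotes next to each plus sign

-- The statement text can also be assembled in a variable first.
declare @fname varchar(20)
set @fname = 'FiledName' -- column name to select
declare @s varchar(1000)
set @s = 'select ' + @fname + ' from tableName'
Exec(@s) -- works
exec sp_executesql @s -- fails: @s is varchar, and sp_executesql needs a Unicode string

-- Same example with @s declared as nvarchar(1000) instead.
declare @s Nvarchar(1000)
set @s = 'select ' + @fname + ' from tableName'
Exec(@s) -- works
exec sp_executesql @s -- works

-- 3. Output parameters
declare @num int,
@sqls nvarchar(4000)
set @sqls='select count(*) from tableName'
exec(@sqls)

-- How can the result of the EXEC be stored in a variable? Declare an OUTPUT
-- parameter in the sp_executesql parameter list and map it to a local variable.
declare @num int,
@sqls nvarchar(4000)
set @sqls='select @a=count(*) from tableName '
exec sp_executesql @sqls,N'@a int output',@num output
select @num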
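@where varchar(100)
as
-- NOTE(review): the CREATE PROCEDURE line of this procedure is not shown on
-- the page; only the parameter list and body are.
--
-- Rejects clause text containing drop, delete, alter or create, then runs the
-- query built from the caller's WHERE clause.
--
-- SECURITY: this keyword filter is not a security boundary. It matches only
-- these four substrings, so any other statement text still reaches EXEC(),
-- and it also rejects harmless conditions that merely contain one of the
-- words. Treat it as a convenience check at most: bind values through
-- sp_executesql parameters where possible, and run the procedure under an
-- account that holds nothing beyond SELECT on the table.
if @where like '%drop%' or @where like '%delete%' or @where like '%alter%' or @where like '%create%'
begin
-- Message text: "drop, delete, alter and create keywords are not allowed in
-- the query condition".
raiserror('不允许在查询条件使用drop、delete、alter、create关键字!',16,1)
return
end
else
EXEC('select * from CJ '+@WHERE +';')
GO
-- Author's note: if it really must be done this way, some harmful keywords
-- can be blocked for safety.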
@WHERE nvarchar(100)
AS
-- Assembles the query text in a Unicode variable, then executes it.
-- SECURITY: @WHERE is appended unchanged, so the argument becomes part of the
-- statement that runs. Pass only clause text built by trusted code; bind
-- user-supplied values through sp_executesql parameters instead.
declare @stmt nvarchar(4000)
select @stmt = N'select * from T1 ' + @WHERE
execute (@stmt)
GO