[英]Pass Parameter Value as Where Clause in SQL Server
I want to pass Parameter value as Where Clause in SQL Server
. 我想将参数值作为
SQL Server
Where子句传递。 If I am passing values directly in Query, then It is showing me results but after using it with SQLCommand
and StorecProcedure
, It is not returning any value. 如果我直接在Query中传递值,那么它将显示结果,但将其与
SQLCommand
和StorecProcedure
使用后,它不会返回任何值。
Please help me to solve this issue. 请帮我解决这个问题。
My Query : 我的查询:
Select top 15 UserId, (FirstName + ' ' + LastName) as Name from tblUser Where + @AllUserIds + (FirstName + ' ' + LastName) LIKE @Search1 + '%' AND (FirstName + ' ' + LastName) LIKE '%' + @Search2 + '%'
@Search1='abc'
@Search2=''
@AllUserIds=UserId!=2869 AND UserId!=1 AND
C# Code : C#代码:
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "sp_Teacher_App";
cmd.Parameters.Add("@Search1", SqlDbType.VarChar, 50).Value = Search1;
cmd.Parameters.Add("@Search2", SqlDbType.VarChar, 50).Value = Search2;
AllUserIds = "UserId!=" + AllUserIds.Replace(",", " AND UserId!=") + " AND ";
cmd.Parameters.Add("@AllUserIds", SqlDbType.VarChar).Value = AllUserIds;
cmd.Parameters.Add("@Mode", SqlDbType.VarChar, 30).Value = "GetUserSuggestions";
Complex queries involving flexible numbers of parameters are tricky. 涉及数量灵活的参数的复杂查询非常棘手。 Fortunately, tools like "dapper" can help you here.
幸运的是,像“ dapper”这样的工具可以在这里为您提供帮助。 It looks like you want to do something like the following:
您似乎想要执行以下操作:
int[] userIds = new[] {1,2,3,4};
var query = conn.Query(@"
Select top 15 UserId, (FirstName + ' ' + LastName) as Name
from tblUser Where UserId not in @userIds
and (FirstName + ' ' + LastName) LIKE @Search1 + '%'
and (FirstName + ' ' + LastName) LIKE '%' + @Search2 + '%'",
new { userIds, Search1, Search2 });
foreach(var row in query) {
Console.WriteLine((int)row.UserId);
Console.WriteLine((string)row.Name);
}
Note the things dapper does to help us here: 请注意dapper在这里为我们提供帮助的事情:
userIds
parameter userIds
参数的参数扩展 dynamic
in this case, but typed binding is also supported) dynamic
,但也支持类型绑定) The better approach would be use a dynamic SQL to build a query in stored proc. 更好的方法是使用动态SQL在存储的proc中建立查询。
ALTER Procedure [dbo].[sp_Teacher_App]
@AllUserIds nvarchar(100),
@Search1 nvarchar(100),
@Search2 nvarchar(100),
As
SET NOCOUNT ON
declare @selectCols nvarchar(500), @wherClause nvarchar(300), @fromClause varchar(50)
set @selectCols = 'Select top 15 UserId, (Firstname' + '+ ' + 'LastName) as Name'
set @fromClause = ' tblUser ' --you can even pass this as a param
set @wherClause = @AllUserIds
set @query = @selectCols + 'from ' + @fromClause + ' where ' + @wherClause
exec(@query)
SET NOCOUNT OFF
Try a few more brackets. 再尝试一些括号。 If that doesn't work, remove all the where conditions and tyhen add them back in one at a time to help you diagnose where the issue stems from.
如果那不起作用,请删除所有where条件,然后一次又将它们重新添加一次,以帮助您诊断问题的根源。
Select top 15 UserId, (FirstName + ' ' + LastName) as Name
from tblUser
Where
(
@AllUserIds +
((FirstName + ' ' + LastName) LIKE @Search1 + '%' )
AND
((FirstName + ' ' + LastName) LIKE '%' + @Search2 + '%')
)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.