[英]SQL 2000 Table Name as variable in stored procedure
Table Name:表名:
RM_master RM_master
Fields:领域:
cust_no cust_no
acct_no acct_no
acct_code账户代码
Question is, I want to make the table RM_master as a variable in the parameters in the stored procedure?问题是,我想让表 RM_master 作为存储过程中的参数中的变量?
This has no syntax error but when I execute this in the query analyzer by right clicking on the stored procedure name the variable table name (RM_master) is not identified这没有语法错误,但是当我通过右键单击存储过程名称在查询分析器中执行此操作时,未识别变量表名称(RM_master)
Here is my stored procedure;这是我的存储过程;
CREATE PROCEDURE RMQUERY
@cusnumber nvarchar (255) = '' ,
@acctnumber nvarchar (255) = '' ,
@master nvarchar (255) = ''
AS
BEGIN
SET @CUSNUMBER = @CUSNUMBER
DECLARE @RMRM AS NVARCHAR (255)
SET @RMRM =n'SELECT * FROM' + @MASTER + 'WHERE ACCT_NO =' + @ACCTNUMBER
EXEC RMQUERY2
END
It's not recommended, as you simply are creating dynamic sql inside a stored proc.不建议这样做,因为您只是在存储过程中创建动态 sql。 This opens up sql injection backdoors as you have no overview about what sql is created by the input: parameter values should never be used as query elements themselves, but only as values in a query (which can be dynamically created, though always should use parameters).这将打开 sql 注入后门,因为您没有关于输入创建的 sql 的概述:参数值本身不应用作查询元素,而只能用作查询中的值(可以动态创建,但始终应使用参数)。
Though if you must, you should use the external stored proc sp_executesql and feed the sql to that proc.尽管如果必须,您应该使用外部存储的过程 sp_executesql 并将 sql 提供给该过程。
You are not assigning a value to @master.您没有为@master 赋值。
You might want to add Spaces before and after the table name otherwise it will look like this:您可能需要在表名前后添加空格,否则它将如下所示:
SELECT * FROMTABLENAMEWHERE ACCT_NO =0
You need a space between "FROM" and "WHERE" in your dynamic sql query在动态 sql 查询中,“FROM”和“WHERE”之间需要一个空格
Instead of代替
SET @RMRM =n'SELECT * FROM' + @MASTER + 'WHERE ACCT_NO =' + @ACCTNUMBER
You should do你应该做
SET @RMRM = N'SELECT * FROM ' + @MASTER + N' WHERE ACCT_NO =' + @ACCTNUMBER
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.