stackoom
  简体   繁体   中英

Insert string into SQL query as plain text in stored procedure

 原文  2020-04-20 23:05:27       sql/ sql-server

Question

I'm trying to write a stored procedure in SQL Server that checks if search input exists in a column.

SELECT * 
FROM Product 
WHERE @Type LIKE @SearchResult

My problem is that when I fetch @Type from user's input, it comes as a string in SQL therefore syntax is wrong and it returns NULL .

Is there a way to get rid off single quotations or convert it to plain text in SQL?

So if @Type is "ProductName" it would appear in SQL as

SELECT * 
FROM Product 
WHERE ProductName LIKE @SearchResult (no single quotes around `ProductName`)

1 answers

solution1
 1 ACCPTED  2020-04-20 23:12:19

You have to use dynamic SQL to replace anything other than a constant in a query:

DECLARE @sql NVARCHAR(MAX);

SET @SQL = 'SELECT * FROM Product WHERE  @Type LIKE @SearchResult';

SET @SQL = REPLACE(@SQL, '@Type', @Type);

exec sp_executesql @sql,
                   N'@SearchResult NVARCHAR(MAX)',
                   @SearchResult=@SearchResult;

You can still pass the @SearchResult value using a parameter.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question SQL query to find and replace text in a stored procedure SQL Query Into Delimited String In Stored Procedure sql insert stored procedure with if SQL Server stored procedure concat string as query Stored procedure in SQL Server with select query then if condition and then insert query Sql query for stored procedure Insert sql query result inside stored procedure in temp table stored procedure to insert join query Sql Stored Procedure to insert and update SQL Insert into table stored procedure
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM