[英]Does stored procedure help eliminates SQL injection / What are the benefits of stored procedured over normal SQL statement in apps?
[英]What is the correct syntax to call a stored procedured from within a stored procedure using a condition in SQL Server
我在从存储过程中调用存储过程时弄乱了条件语句。 谁能帮我吗?
CREATE PROCEDURE [dbo].[sp_Leaderboard]
@CompetitionId INTEGER
AS
DECLARE @Competition TABLE
(CompId INTEGER,
CompFormat NVARCHAR(10)
)
INSERT INTO @Competition
SELECT CompetitionId, CompetitionFormatType
FROM dbo.Competitions
LEFT JOIN dbo.CompetitionFormat ON dbo.Competitions.CompetitionFormatId = dbo.CompetitionFormat.CompetitionFormatId
WHERE CompetitionId = @CompetitionId
CASE WHEN @Competition.CompFormat = "Strokes" THEN EXEC [dbo].[sp_Strokes] ELSE EXEC [dbo].[sp_Stableford]
另外我知道我在代码中没有提供的东西是我需要将参数@CompetitionId带到我去过的程序中。
为什么不使用IF
语句?
IF (SELECT TOP 1 CompFormat FROM @Competition) = 'Strokes'
BEGIN
EXEC [dbo].[sp_Strokes] @CompetitionId
END
ELSE
BEGIN
EXEC [dbo].[sp_Stableford] @CompetitionId
END
您可以执行您想要的操作并同时消除表变量。 试试这个:
DECLARE @CompFormat varchar(50)
SELECT @CompFormat = CompetitionFormatType
FROM dbo.Competitions
LEFT JOIN dbo.CompetitionFormat
ON dbo.Competitions.CompetitionFormatId = dbo.CompetitionFormat.CompetitionFormatId
WHERE CompetitionId = @CompetitionId
IF @CompFormat = 'Strokes'
BEGIN
EXEC [dbo].[sp_Strokes] @CompetitionId
END
ELSE
BEGIN
EXEC [dbo].[sp_Stableford] @CompetitionId
END
或者您可能应该创建一个新的存储过程,将@Competition.CompFormat
作为参数,然后在其中使用IF语句来决定从哪个表进行查询。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.