[英]How to pass column name as parameter in a Stored Procedure in PL/SQL?
[英]How to pass parameter as column name in stored procedure in my example
CREATE PROCEDURE ProcedureName1
@columnsname varchar(50),
@columnsvalue varchar(50)
AS
BEGIN
with cet as
(
Select ID,
names,
Null As address,
work,
note
From Tabl1
Where @columnsname Like @columnsvalue
Union All
Select t2.ID,
t2.name,
t2.address,
Null,
Null As tt
From Tabl2 As t2
Left Join Tabl1 As t1
On t2.ID = t1.ID
Where @columnsname Like @columnsvalue
)
Select *
From cet
Order By id,
note Desc,
cet.address
END GO
您将必须使用动态sql进行此类操作。 最好将sys.columns
或information_schema.columns
的@columnsname
值列入白名单。
使用sp_executesql
继续保留@columnsvalue
作为参数,而不是将其连接到将要执行的SQL。
create procedure ProcedureName1 (
@columnsname sysname --varchar(50)
, @columnsvalue varchar(50)
) as
begin
declare @sql nvarchar(max), @column_name sysname;
/* make sure the @columnsname is a valid column name */
set @column_name = (
select c.name
from sys.columns c
where c.object_id = object_id(N'Tabl1')
and c.name = @columnsname
);
set @sql = 'with cte as (
select
ID
, names
, null as address
, work
, note
from Tabl1
where '+@column_name+' like @columnsvalue
union all
select
t2.ID
, t2.name
, t2.address
, null
, null as tt
from Tabl2 as t2
left join Tabl1 as t1 on t2.ID = t1.ID
where '+@column_name+' like @columnsvalue
)
select *
from cet
order by
id
, note desc
, address;'
exec sp_executesql @sql, N'@columnsvalue varchar(50)', @columnsvalue
end;
go
参考:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.