编写动态SQL查询
[英]Writing dynamic SQL queries
问题描述
我在尝试创建一个相当简单的动态SQL查询时遇到问题。 当我打印@SQLString时,变量不显示它们包含的值。 有任何想法吗?
ALTER PROCEDURE [dbo].[usp_ItemSearch]
@ItemNum varchar(30) = NULL
,@SearchFilter int
,@VendorNum varchar(10) = NULL
,@RecUserID int = NULL
,@StartDate smalldatetime = NULL
,@EndDate smalldatetime = NULL
AS
DECLARE @SQLString as varchar(1000)
SET @SQLString = 'SELECT RecID, VendorNum, VendorName, PORelNum, InvoiceNum, ItemNum, RecAddDate, LastUpdated FROM tbl_Processor_ItemDscLog'
IF @ItemNum IS NOT NULL
BEGIN
IF @SearchFilter = 2
BEGIN
SET @SQLString = @SQLString + ' WHERE ItemNum LIKE ''%' + @ItemNum + '''' --Ends with
END
IF @SearchFilter = 1
BEGIN
SET @SQLString = @SQLString + ' WHERE ItemNum LIKE ''%' + @ItemNum + '%''' --Contains
END
IF @SearchFilter = 0
BEGIN
SET @SQLString = @SQLString + ' WHERE ItemNum LIKE ''' + @ItemNum + '%''' --Starts with
END
END
IF @VendorNum IS NOT NULL
BEGIN
SET @SQLString = @SQLString + ' WHERE VendorNum = ''' + @VendorNum + ''''
END
IF @RecSearchUserID IS NOT NULL
BEGIN
SET @SQLString = @SQLString + ' AND (RecAddUserID = @RecUserID)'
END
IF (@EndDate IS NOT NULL)
BEGIN
IF (@StartDate IS NOT NULL)
BEGIN
SET @SQLString = @SQLString + ' WHERE RecAddDate between @StartDate AND @EndDate '
END
ELSE
BEGIN
SET @SQLString = @SQLString + ' RecAddDate BETWEEN 01/01/1996 AND @EndDate + '
END
END
SET @SQLString = @SQLString + ' ORDER BY ItemNum, VendorNum'
PRINT @SQLString
1 个解决方案
解决方案1
3 已采纳 2010-06-23 03:05:45
您正在将@ItemNum和@VendorNum正确添加到@SQLString,但没有正确添加其他3个变量。 您必须将它们转换为varchar,并将它们连接到@SQLString上,就像执行其他操作一样。
例如,这是@RecSearchUserID块的外观:
IF @RecSearchUserID IS NOT NULL
BEGIN
SET @SQLString = @SQLString + ' AND (RecAddUserID = ' + CAST(@RecUserID AS VarChar) + ')'
END
另外,您确实需要注意其他注释者指出的包含撇号的输入变量,以防止SQL注入...
SQL Server动态查询
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.