![](/img/trans.png)
[英]How to pass column name as parameter in a Stored Procedure in PL/SQL?
[英]How to pass parameter as column name in stored procedure in my example
CREATE PROCEDURE ProcedureName1
@columnsname varchar(50),
@columnsvalue varchar(50)
AS
BEGIN
with cet as
(
Select ID,
names,
Null As address,
work,
note
From Tabl1
Where @columnsname Like @columnsvalue
Union All
Select t2.ID,
t2.name,
t2.address,
Null,
Null As tt
From Tabl2 As t2
Left Join Tabl1 As t1
On t2.ID = t1.ID
Where @columnsname Like @columnsvalue
)
Select *
From cet
Order By id,
note Desc,
cet.address
END GO
您將必須使用動態sql進行此類操作。 最好將sys.columns
或information_schema.columns
的@columnsname
值列入白名單。
使用sp_executesql
繼續保留@columnsvalue
作為參數,而不是將其連接到將要執行的SQL。
create procedure ProcedureName1 (
@columnsname sysname --varchar(50)
, @columnsvalue varchar(50)
) as
begin
declare @sql nvarchar(max), @column_name sysname;
/* make sure the @columnsname is a valid column name */
set @column_name = (
select c.name
from sys.columns c
where c.object_id = object_id(N'Tabl1')
and c.name = @columnsname
);
set @sql = 'with cte as (
select
ID
, names
, null as address
, work
, note
from Tabl1
where '+@column_name+' like @columnsvalue
union all
select
t2.ID
, t2.name
, t2.address
, null
, null as tt
from Tabl2 as t2
left join Tabl1 as t1 on t2.ID = t1.ID
where '+@column_name+' like @columnsvalue
)
select *
from cet
order by
id
, note desc
, address;'
exec sp_executesql @sql, N'@columnsvalue varchar(50)', @columnsvalue
end;
go
參考:
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.