动态 SQL 创建用户语句
Dynamic SQL Create User Statement
我正在尝试创建一个用户脚本,它将从 table 中提取用户名并将其放入一个变量中,但我 运行 遇到了一堆错误。这是我得到的。
USE AP
GO
IF EXISTS (SELECT DB_ID('AP'))
DROP TABLE NewLogins
CREATE TABLE NewLogins
(LoginName VARCHAR(128))
INSERT INTO NewLogins
VALUES ('BBrown'), ('CChaplin'), ('DDyer'), ('EEbbers')
DECLARE NewLogins CURSOR
STATIC
FOR (SELECT LoginName, SUBSTRING(LoginName, 1, 4) FROM NewLogins)
DECLARE @LoginName VARCHAR(128), @Password VARCHAR(128)
OPEN NewLogins
FETCH NEXT FROM NewLogins
INTO @LoginName, @Password
DECLARE @DropLogin VARCHAR(200)
SET @DropLogin ='DROP LOGIN ' + @LoginName + ''
WHILE(@@FETCH_STATUS = 0)
BEGIN
IF EXISTS (SELECT DB_ID('AP'))
EXEC @DropLogin
FETCH NEXT FROM NewLogins
Declare @sqlstmt VARCHAR(200)
SET @sqlstmt='CREATE LOGIN '+@LoginName +' WITH PASSWORD ='''+ LOWER(@Password) +'9999'''
PRINT @sqlstmt
EXEC (@sqlstmt)
DECLARE @CreateUser VARCHAR(200)
SET @CreateUser ='CREATE USER '+@LoginName +'FOR LOGIN ' + @LoginName
DECLARE @AddMemberToGroup VARCHAR(200)
SET @AddMemberToGroup ='EXEC sp_addrolemember ' + @LoginName +', ' + 'PaymentEntry'
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = @LoginName)
BEGIN
EXEC @CreateUser
EXEC @AddMemberToGroup
END
END
CLOSE NewLogins
DEALLOCATE NewLogins
出于某种原因,我不断收到错误提示:
CREATE LOGIN BBrown WITH PASSWORD ='bbro9999'
Msg 15025, Level 16, State 1, Line 3
The server principal 'BBrown' already exists.
Msg 2812, Level 16, State 62, Line 45
Could not find stored procedure 'CREATE USER BBrownFOR LOGIN BBrown'.
Msg 2812, Level 16, State 62, Line 46
Could not find stored procedure 'EXEC sp_addrolemember BBrown, PaymentEntry'.
Msg 2812, Level 16, State 62, Line 28
Could not find stored procedure 'DROP LOGIN BBrown'.
首先,您将始终从 SELECT DB_ID('AP') 获得结果集。该结果集可能在 returns 的 row/column 中有一个 NULL 值,但它仍然存在,因此使用 IF EXISTS 存在错误。你需要检查,IF DB_ID('AP') IS NOT NULL.
接下来,您将接受 SQL 注射。您应该非常仔细地研究它并理解为什么您使用的动态 SQL 是危险的。
最后,在使用EXEC和一串动态的SQL时,需要把它放在大括号中,否则SQL认为你在尝试调用存储过程. EXEC 函数和 EXEC 命令的语法略有不同。所以,你需要 EXEC(@CreateUser)
我正在尝试创建一个用户脚本,它将从 table 中提取用户名并将其放入一个变量中,但我 运行 遇到了一堆错误。这是我得到的。
USE AP
GO
IF EXISTS (SELECT DB_ID('AP'))
DROP TABLE NewLogins
CREATE TABLE NewLogins
(LoginName VARCHAR(128))
INSERT INTO NewLogins
VALUES ('BBrown'), ('CChaplin'), ('DDyer'), ('EEbbers')
DECLARE NewLogins CURSOR
STATIC
FOR (SELECT LoginName, SUBSTRING(LoginName, 1, 4) FROM NewLogins)
DECLARE @LoginName VARCHAR(128), @Password VARCHAR(128)
OPEN NewLogins
FETCH NEXT FROM NewLogins
INTO @LoginName, @Password
DECLARE @DropLogin VARCHAR(200)
SET @DropLogin ='DROP LOGIN ' + @LoginName + ''
WHILE(@@FETCH_STATUS = 0)
BEGIN
IF EXISTS (SELECT DB_ID('AP'))
EXEC @DropLogin
FETCH NEXT FROM NewLogins
Declare @sqlstmt VARCHAR(200)
SET @sqlstmt='CREATE LOGIN '+@LoginName +' WITH PASSWORD ='''+ LOWER(@Password) +'9999'''
PRINT @sqlstmt
EXEC (@sqlstmt)
DECLARE @CreateUser VARCHAR(200)
SET @CreateUser ='CREATE USER '+@LoginName +'FOR LOGIN ' + @LoginName
DECLARE @AddMemberToGroup VARCHAR(200)
SET @AddMemberToGroup ='EXEC sp_addrolemember ' + @LoginName +', ' + 'PaymentEntry'
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = @LoginName)
BEGIN
EXEC @CreateUser
EXEC @AddMemberToGroup
END
END
CLOSE NewLogins
DEALLOCATE NewLogins
出于某种原因,我不断收到错误提示:
CREATE LOGIN BBrown WITH PASSWORD ='bbro9999'
Msg 15025, Level 16, State 1, Line 3
The server principal 'BBrown' already exists.
Msg 2812, Level 16, State 62, Line 45
Could not find stored procedure 'CREATE USER BBrownFOR LOGIN BBrown'.
Msg 2812, Level 16, State 62, Line 46
Could not find stored procedure 'EXEC sp_addrolemember BBrown, PaymentEntry'.
Msg 2812, Level 16, State 62, Line 28
Could not find stored procedure 'DROP LOGIN BBrown'.
首先,您将始终从 SELECT DB_ID('AP') 获得结果集。该结果集可能在 returns 的 row/column 中有一个 NULL 值,但它仍然存在,因此使用 IF EXISTS 存在错误。你需要检查,IF DB_ID('AP') IS NOT NULL.
接下来,您将接受 SQL 注射。您应该非常仔细地研究它并理解为什么您使用的动态 SQL 是危险的。
最后,在使用EXEC和一串动态的SQL时,需要把它放在大括号中,否则SQL认为你在尝试调用存储过程. EXEC 函数和 EXEC 命令的语法略有不同。所以,你需要 EXEC(@CreateUser)