在存储过程中使用 DYNAMIC sql 的 CASE 语句
CASE statement using DYNAMIC sql inside stored proc
我试图通过将 Dynamic SQL 存储在存储过程中的变量中来构建 CASE WHEN 语句,但出现以下错误。有人可以分享您对如何解决此错误的想法。谢谢。
--代码
SELECT
CASE WHEN ResultTableName LIKE '%Loss_ByEvent]'
THEN @SQLStmt =
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
WHEN ResultTableName LIKE '%Loss_ByGeo]'
THEN @SQLStmt =
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
ELSE
@SQLStmt =
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
)'
END
,@DBName = DBName
,@ResultTableName = ResultTableName
FROM #CreateResult_ResultTables lr
WHERE ID = @ResultTableCount;
--错误:-
Msg 102, Level 15, State 1, Procedure Procedure_name, Line 141 [Batch Start Line 7]
Incorrect syntax near '='.
您收到错误消息,因为 CASE 是 SQL 中的 函数 ,但您将其用作语句或列形式。
SELECT
@SQLStmt =
CASE WHEN ResultTableName LIKE '%Loss_ByEvent]'
THEN N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
WHEN ResultTableName LIKE '%Loss_ByGeo]'
THEN N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
ELSE
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
)'
END
,@DBName = DBName
,@ResultTableName = ResultTableName
FROM #CreateResult_ResultTables lr
WHERE ID = @ResultTableCount;
@SeanLange 是正确的,这 非常 容易受到 SQL 注入。
你试过这种方法吗
SELECT
CASE WHEN ResultTableName LIKE '%Loss_ByEvent]'
THEN 'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
WHEN ResultTableName LIKE '%Loss_ByGeo]'
THEN
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
ELSE
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
)'
END AS Sqlstmt
,@DBName = DBName
,@ResultTableName = ResultTableName
FROM #CreateResult_ResultTables lr
WHERE ID = @ResultTableCount;
我试图通过将 Dynamic SQL 存储在存储过程中的变量中来构建 CASE WHEN 语句,但出现以下错误。有人可以分享您对如何解决此错误的想法。谢谢。
--代码
SELECT
CASE WHEN ResultTableName LIKE '%Loss_ByEvent]'
THEN @SQLStmt =
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
WHEN ResultTableName LIKE '%Loss_ByGeo]'
THEN @SQLStmt =
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
ELSE
@SQLStmt =
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
)'
END
,@DBName = DBName
,@ResultTableName = ResultTableName
FROM #CreateResult_ResultTables lr
WHERE ID = @ResultTableCount;
--错误:-
Msg 102, Level 15, State 1, Procedure Procedure_name, Line 141 [Batch Start Line 7]
Incorrect syntax near '='.
您收到错误消息,因为 CASE 是 SQL 中的 函数 ,但您将其用作语句或列形式。
SELECT
@SQLStmt =
CASE WHEN ResultTableName LIKE '%Loss_ByEvent]'
THEN N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
WHEN ResultTableName LIKE '%Loss_ByGeo]'
THEN N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
ELSE
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
)'
END
,@DBName = DBName
,@ResultTableName = ResultTableName
FROM #CreateResult_ResultTables lr
WHERE ID = @ResultTableCount;
@SeanLange 是正确的,这 非常 容易受到 SQL 注入。
你试过这种方法吗
SELECT
CASE WHEN ResultTableName LIKE '%Loss_ByEvent]'
THEN 'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
WHEN ResultTableName LIKE '%Loss_ByGeo]'
THEN
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
) ON Loss_ByAnalysis(SliceID)'
ELSE
N'CREATE TABLE dbo.' + ResultTableName + N' (
' + CreateStmt + N'
)'
END AS Sqlstmt
,@DBName = DBName
,@ResultTableName = ResultTableName
FROM #CreateResult_ResultTables lr
WHERE ID = @ResultTableCount;