Sql 如何传递变量内部字符串的参数值?
有人能帮我把参数值传给变量中的字符串吗 例: 这里我想把@ID作为参数传递给变量@STRSql 如何传递变量内部字符串的参数值?,sql,sql-server,sql-server-2008,tsql,sql-server-2012,Sql,Sql Server,Sql Server 2008,Tsql,Sql Server 2012,有人能帮我把参数值传给变量中的字符串吗 例: 这里我想把@ID作为参数传递给变量@STR DECLARE @STR VARCHAR(MAX) = '' DECLARE @ID INT SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=@ID' SET @STR = REPLACE(@STR, '@ID', COALESCE(CAST(@ID AS varchar(31)),'')) 当然还有其他的。您可以在构建@STR时使用字符串连接,
DECLARE @STR VARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=@ID'
SET @STR = REPLACE(@STR, '@ID', COALESCE(CAST(@ID AS varchar(31)),''))
当然还有其他的。您可以在构建@STR
时使用字符串连接,也可以保持原样,并在最终想要执行字符串时使用对sp_executesql的参数化调用,假设这就是您想要对它执行的操作。这里有一个简单的方法:
DECLARE @STR VARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=@ID'
SET @STR = REPLACE(@STR, '@ID', COALESCE(CAST(@ID AS varchar(31)),''))
当然还有其他的。您可以在构建@STR
时使用字符串连接,也可以保持原样,并在最终想要执行字符串时使用对sp_executesql的参数化调用,假设这就是您想要对它执行的操作。这里有一个简单的方法:
DECLARE @STR VARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=@ID'
SET @STR = REPLACE(@STR, '@ID', COALESCE(CAST(@ID AS varchar(31)),''))
当然还有其他的。您可以在构建@STR
时使用字符串连接,也可以保持原样,并在最终想要执行字符串时使用对sp_executesql的参数化调用,假设这就是您想要对它执行的操作。这里有一个简单的方法:
DECLARE @STR VARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=@ID'
SET @STR = REPLACE(@STR, '@ID', COALESCE(CAST(@ID AS varchar(31)),''))
当然还有其他的。您可以在构建@STR
时使用字符串连接,也可以保持原样,并在最终要执行字符串时使用对sp_executesql的参数化调用,前提是您希望对其执行此操作。使用以下方法:
DECLARE @STR VARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=' + CAST(@ID AS VARCHAR(50))
使用以下命令:
DECLARE @STR VARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=' + CAST(@ID AS VARCHAR(50))
使用以下命令:
DECLARE @STR VARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=' + CAST(@ID AS VARCHAR(50))
使用以下命令:
DECLARE @STR VARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=' + CAST(@ID AS VARCHAR(50))
使用
sp_executesql
为参数赋值,这也将避免sql注入。试试这个
DECLARE @STR NVARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=@ID'
exec sp_executesql @str,'@ID INT',@ID
使用
sp_executesql
为参数赋值,这也将避免sql注入。试试这个
DECLARE @STR NVARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=@ID'
exec sp_executesql @str,'@ID INT',@ID
使用
sp_executesql
为参数赋值,这也将避免sql注入。试试这个
DECLARE @STR NVARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=@ID'
exec sp_executesql @str,'@ID INT',@ID
使用
sp_executesql
为参数赋值,这也将避免sql注入。试试这个
DECLARE @STR NVARCHAR(MAX) = ''
DECLARE @ID INT
SET @STR = 'SELECT * FROM STUDENT WHERE STUDENT_ID=@ID'
exec sp_executesql @str,'@ID INT',@ID
您可以将查询编写为:
DECLARE @ID int;
--to use sp_executesql sql statement must be a Unicode variable
DECLARE @STR nvarchar(500);
DECLARE @ParmDefinition nvarchar(500);
/* Build the SQL string.
as a best practice you should specify column names instead of writing *
*/
SET @STR =
N'SELECT Col1,Col2 FROM STUDENT WHERE STUDENT_ID=@ID';
SET @ParmDefinition = N'@ID Int';
/* Execute the string with the parameter value. */
SET @ID = 1;
EXECUTE sp_executesql @STR, @ParmDefinition,
@ID = @ID;
您可以将查询编写为:
DECLARE @ID int;
--to use sp_executesql sql statement must be a Unicode variable
DECLARE @STR nvarchar(500);
DECLARE @ParmDefinition nvarchar(500);
/* Build the SQL string.
as a best practice you should specify column names instead of writing *
*/
SET @STR =
N'SELECT Col1,Col2 FROM STUDENT WHERE STUDENT_ID=@ID';
SET @ParmDefinition = N'@ID Int';
/* Execute the string with the parameter value. */
SET @ID = 1;
EXECUTE sp_executesql @STR, @ParmDefinition,
@ID = @ID;
您可以将查询编写为:
DECLARE @ID int;
--to use sp_executesql sql statement must be a Unicode variable
DECLARE @STR nvarchar(500);
DECLARE @ParmDefinition nvarchar(500);
/* Build the SQL string.
as a best practice you should specify column names instead of writing *
*/
SET @STR =
N'SELECT Col1,Col2 FROM STUDENT WHERE STUDENT_ID=@ID';
SET @ParmDefinition = N'@ID Int';
/* Execute the string with the parameter value. */
SET @ID = 1;
EXECUTE sp_executesql @STR, @ParmDefinition,
@ID = @ID;
您可以将查询编写为:
DECLARE @ID int;
--to use sp_executesql sql statement must be a Unicode variable
DECLARE @STR nvarchar(500);
DECLARE @ParmDefinition nvarchar(500);
/* Build the SQL string.
as a best practice you should specify column names instead of writing *
*/
SET @STR =
N'SELECT Col1,Col2 FROM STUDENT WHERE STUDENT_ID=@ID';
SET @ParmDefinition = N'@ID Int';
/* Execute the string with the parameter value. */
SET @ID = 1;
EXECUTE sp_executesql @STR, @ParmDefinition,
@ID = @ID;
为简单起见,您还可以为其创建存储过程:- SQL中的代码
Create Proc [ProcedureName]
@ID As int
As
SELECT * FROM STUDENT WHERE STUDENT_ID=@ID
调用存储过程
[ProcedureName] 1
--Here replace "1" with your Id
为简单起见,您还可以为其创建存储过程:- SQL中的代码
Create Proc [ProcedureName]
@ID As int
As
SELECT * FROM STUDENT WHERE STUDENT_ID=@ID
调用存储过程
[ProcedureName] 1
--Here replace "1" with your Id
为简单起见,您还可以为其创建存储过程:- SQL中的代码
Create Proc [ProcedureName]
@ID As int
As
SELECT * FROM STUDENT WHERE STUDENT_ID=@ID
调用存储过程
[ProcedureName] 1
--Here replace "1" with your Id
为简单起见,您还可以为其创建存储过程:- SQL中的代码
Create Proc [ProcedureName]
@ID As int
As
SELECT * FROM STUDENT WHERE STUDENT_ID=@ID
调用存储过程
[ProcedureName] 1
--Here replace "1" with your Id
声明@STR VARCHAR(MAX)=”
声明@ID INT
设置@STR='从学生中选择*,其中学生ID='+@ID
应该声明@STR VARCHAR(MAX)=”
声明@ID INT
设置@STR='从学生中选择*,其中学生ID='+@ID
应该声明@STR VARCHAR(MAX)=”
声明@ID INT
设置@STR='从学生中选择*,其中学生ID='+@ID
应该声明@STR VARCHAR(MAX)=”
声明@ID INT
设置@STR='从学生中选择*,其中学生ID='+@ID
应该执行才能使用
sp_executesql
sql语句必须是Unicode变量。。所以@STR应该是nvarchar,否则会出现错误。@Mini-yep遗漏了它要使用sp_executesql
sql语句必须是Unicode变量。。所以@STR应该是nvarchar,否则会出现错误。@Mini-yep遗漏了它要使用sp_executesql
sql语句必须是Unicode变量。。所以@STR应该是nvarchar,否则会出现错误。@Mini-yep遗漏了它要使用sp_executesql
sql语句必须是Unicode变量。。所以@STR应该是nvarchar,否则它会出错。@Mini-yep错过了它