Sql @关键字为空 开始 选择@q2=@q2+@QRY 结束 --请使用列名而不是* 选择@q2=@q2+”) 挑选 C.CaseId, C.LoanAmount, C.CommDate, C.最后提交日期, C.老龄化, C.银行或信贷, C.商业性质, C.
@关键字为空 开始 选择@q2=@q2+@QRY 结束 --请使用列名而不是* 选择@q2=@q2+”) 挑选 C.CaseId, C.LoanAmount, C.CommDate, C.最后提交日期, C.老龄化, C.银行或信贷, C.商业性质, C.CreditorName, C.DebtorName, C.IPName, C.SectorName, C.CatgoryName, C.分类法, 罗诺 从CTE到C 其中C.rowNo>('+@pgsize+'*('+@q1+'-1))Sql @关键字为空 开始 选择@q2=@q2+@QRY 结束 --请使用列名而不是* 选择@q2=@q2+”) 挑选 C.CaseId, C.LoanAmount, C.CommDate, C.最后提交日期, C.老龄化, C.银行或信贷, C.商业性质, C.,sql,sql-server,stored-procedures,Sql,Sql Server,Stored Procedures,@关键字为空 开始 选择@q2=@q2+@QRY 结束 --请使用列名而不是* 选择@q2=@q2+”) 挑选 C.CaseId, C.LoanAmount, C.CommDate, C.最后提交日期, C.老龄化, C.银行或信贷, C.商业性质, C.CreditorName, C.DebtorName, C.IPName, C.SectorName, C.CatgoryName, C.分类法, 罗诺 从CTE到C 其中C.rowNo>('+@pgsize+'*('+@q1+'-1)) 首先
首先,为什么要使用动态SQL?你有索引吗?啊!在解决你的注射问题之前!另外,为什么
@关键字nvarchar(60)nvarchar(100)LoanAmount或类似“%John Smith%”的LoanAmountLoanAmount[{Object Name/Alias}].[{Column Name}]@Keyword@q1ALTER PROCEDURE [dbo].[GetByKeyWord] @Keyword NVARCHAR(60) = '',
@PageNumber BIGINT = 1,
@PageSize BIGINT = 100 AS BEGIN
SET nocount ON;
DECLARE @Query NVARCHAR(2000) = '';
DECLARE @q1 NVARCHAR(100) = '';
DECLARE @q2 NVARCHAR(500) = '';
DECLARE @pgsize NVARCHAR(40) = '';
SET @Query ='; WITH CTE AS
( Select [dbo].[CTable].CaseId ,[dbo].[CTable].LoanAmount,[dbo].[CTable].CommDate,[dbo].[CTable].LastSubmissionDate,[dbo].[CTable].Aging,[dbo].[CTable].BankersORCreditorsCity,[dbo].[CTable].BusinessNature,[dbo].[CT].CreditorName,
[dbo].[DT].DebtorName,[dbo].[IT].IPName,[dbo].[ST].SectorName,[dbo].[AT].CatgoryName,[dbo].[AT].CategoryStart , ROW_NUMBER() OVER (ORDER BY [dbo].[CTable].DebtorId ) as rowNo
from [dbo].[CTable]
LEFT JOIN [dbo].[DT] ON [dbo].[DT].DebtorId = [dbo].[CTable].DebtorId
LEFT JOIN [dbo].[RT] ON [dbo].[RT].RPId = [dbo].[CTable].RPId
LEFT JOIN [dbo].[ST] ON [dbo].[ST].SectorId = [dbo].[CTable].SectorId
LEFT JOIN [dbo].[IT] ON [dbo].[IT].IPId = [dbo].[CTable].IpId
LEFT JOIN [dbo].[AT] ON [dbo].[AT].CategoryId = [dbo].[CTable].AgingCategoryId
LEft JOIN [dbo].[CT] ON [dbo].[CT].CreditorId = [dbo].[CTable].CreditorId
Where ( [dbo].[CTable].IsDeleted IS NULL OR [dbo].[CTable].IsDeleted = 0) '
IF (@Keyword != ''
AND @Keyword IS NOT NULL) BEGIN
SELECT @q1 = TRIM(@Keyword) ;
SELECT @q2 = @q2 +' AND( [dbo].[CTable].BusinessNature LIKE '''+ '%'+@q1 +'%'+ '''' ;
SELECT @q2 = @q2 +' OR [dbo].[DT].DebtorName LIKE '''+ '%'+@q1 +'%'+ '''' ;
SELECT @q2 = @q2 +' OR [dbo].[CT].CreditorName LIKE '''+ '%'+@q1 +'%'+ '''' ;
SELECT @q2 = @q2 +' OR LoanAmount LIKE '''+ '%'+@q1 +'%'+ '''' ;
SELECT @q2 = @q2 +' OR [dbo].[ST].SectorName LIKE '''+ '%'+@q1 +'%'+ '''' ;
SELECT @q2 = @q2 +' OR [dbo].[IT].IPName LIKE '''+ '%'+@q1 +'%'+ ''')' ;
END
SELECT @q1 = @PageNumber ;
SELECT @pgsize = @PageSize ;
-- select @q2 = @q2 +' And [dbo].[CTable].LastSubmissionDate = '+@q1 ;
SELECT @q2 = @q2 +' )
SELECT *
FROM CTE
WHERE rowNo > (' + @pgsize + ' * (' + @q1 + ' - 1 ) )
AND rowNo <= ( ' + @pgsize +' * '+ @q1 + ') '
SET @Query = @Query + @q2 --select @Query
EXEC (@Query) ;
END
ALTER PROCEDURE [dbo].[GetByKeyWord]
@Keyword NVARCHAR(60) = '',
@PageNumber BIGINT = 1,
@PageSize BIGINT = 100
AS
BEGIN
SET NOCOUNT ON;
DECLARE
@Query NVARCHAR(2000) = '',
@QRY NVARCHAR(700) = '',
@q1 NVARCHAR(100) = '',
@q2 NVARCHAR(1500) = '',
@pgsize NVARCHAR(40) = ''
SELECT
@q1 = RTRIM(LTRIM(@Keyword)),
@Keyword = NULLIF(@Keyword,'')
SET @Query = '
;WITH CTE
AS
( '
-- Please use table alias so it will take less characters in dynamic query
SET @QRY = '
SELECT
CT.CaseId ,
CT.LoanAmount,
CT.CommDate,
CT.LastSubmissionDate,
CT.Aging,
CT.BankersORCreditorsCity,
CT.BusinessNature,
C.CreditorName,
D.DebtorName,
I.IPName,
S.SectorName,
A.CatgoryName,
A.CategoryStart,
ROW_NUMBER() OVER (ORDER BY CT.DebtorId) as rowNo
FROM [dbo].[CTable] AS CT
LEFT JOIN [dbo].[DT] AS D ON D.DebtorId = CT.DebtorId
LEFT JOIN [dbo].[RT] AS R ON R.RPId = CT.RPId
LEFT JOIN [dbo].[ST] AS S ON S.SectorId = CT.SectorId
LEFT JOIN [dbo].[IT] AS I ON I.IPId = CT.IpId
LEFT JOIN [dbo].[AT] AS A ON A.CategoryId = CT.AgingCategoryId
LEft JOIN [dbo].[CT] AS C ON C.CreditorId = CT.CreditorId
Where (CT.IsDeleted IS NULL OR CT.IsDeleted = 0) '
IF (@Keyword != '' AND @Keyword IS NOT NULL)
BEGIN
SELECT @q2 = @QRY + ' AND CT.BusinessNature LIKE ''' + '%' + @q1 + '%' + '''' ;
SELECT @q2 = @q2 + ' UNION ALL ' + @QRY + ' AND D.DebtorName LIKE ''' + '%' + @q1 + '%' + '''' ;
SELECT @q2 = @q2 + ' UNION ALL ' + @QRY + ' AND C.CreditorName LIKE ''' + '%' + @q1 + '%' + '''' ;
SELECT @q2 = @q2 + ' UNION ALL ' + @QRY + ' AND CT.LoanAmount LIKE ''' + '%' + @q1 + '%' + '''' ;
SELECT @q2 = @q2 + ' UNION ALL ' + @QRY + ' AND S.SectorName LIKE ''' + '%' + @q1 + '%' + '''' ;
SELECT @q2 = @q2 + ' UNION ALL ' + @QRY + ' AND I.IPName LIKE ''' + '%' + @q1 + '%' + '''' ;
END
SELECT @q1 = @PageNumber;
SELECT @pgsize = @PageSize;
--select @q2 = @q2 +' And [dbo].[CTable].LastSubmissionDate = '+@q1 ;
-- Use this condition for add select query to q2 if keyword is null
IF @Keyword IS NULL
BEGIN
SELECT @q2 = @q2 + @QRY
END
--Please use column names instead of *
SELECT @q2 = @q2 + ' )
SELECT
C.CaseId ,
C.LoanAmount,
C.CommDate,
C.LastSubmissionDate,
C.Aging,
C.BankersORCreditorsCity,
C.BusinessNature,
C.CreditorName,
C.DebtorName,
C.IPName,
C.SectorName,
C.CatgoryName,
C.CategoryStart,
C.rowNo
FROM CTE AS C
WHERE C.rowNo > (' + @pgsize + ' * (' + @q1 + ' - 1 ) )
AND C.rowNo <= ( ' + @pgsize + ' * ' + @q1 + ') '
SET @Query = @Query + @q2 --select @Query
-- Please use sp_executesql SP for dynamic query
EXECUTE sp_executesql @Query
--EXEC (@Query) ;
END