Stored procedures 如何在存储过程SQL Server 2008中使用'IN'运算符传递字符串参数


我有一个存储过程,当我执行它时,我得到了一个错误

将varchar值'+@dptId+'转换为数据类型int时,转换失败
(注意:错误文本里出现的是字面的 '+@dptId+',说明实际的存储过程可能把变量名写进了字符串字面量里,而不是像下面的示例那样直接引用变量——请对照实际代码确认。无论哪种写法,IN (@dptId) 都只是在用一个字符串值和整数列比较。)

我将DepartmentId作为字符串(如1,3,5,77)获取,并将其传递给我的存储过程

我尝试过的查询:

-- Reproduction of the failing query (the question, not the fix).
-- @dptId holds the whole list '3,4' as ONE varchar value, so IN (@dptId) is a
-- single-element list: the engine converts the entire string to int to compare it
-- with the integer column, and that conversion is what raises the error quoted above.
-- Wrapping the list in quotes does not help; the string never becomes separate values.
declare @startdate1 varchar(100) ='20120201'
declare @enddate1 varchar(100)='20130601'
declare @dptId varchar(100)='3,4'

select * 
from dummy
-- the dates are compared as 'YYYYMMDD' strings; half-open range (>= start, < end)
where DateJoining >= @startdate1 and DateJoining < @enddate1 
  -- NOTE(review): the column is spelled departmentIt here but departmentID in the
  -- working version further down — one of the two is presumably a typo; confirm against the schema.
  and departmentIt IN (@dptId);
我是这样解决的:

首先,我创建了一个函数来拆分字符串值,即“1,2,4,5”

拆分函数(fn_Split):一个表值函数,输入字符串和分隔符,返回带有 Value 列的结果集,每行一个片段。它的定义没有随本页给出;任何按分隔符拆分字符串的表值函数都可以替代。

稍后在我的查询中,我将使用该拆分函数

-- Working version: fn_Split (a user-defined table-valued function whose definition is
-- not shown on this page) turns the delimited string into rows, so the column is
-- compared against a set of values instead of against one string. The list stays a
-- parameter value and is never spliced into SQL text, so no dynamic-SQL injection
-- surface is opened.
DECLARE @startdate1 varchar(100) = '20120201'
DECLARE @enddate1   varchar(100) = '20130601'
DECLARE @dptId      varchar(100) = '3,4'

SELECT d.*
FROM dummy AS d
WHERE d.DateJoining >= @startdate1
  AND d.DateJoining <  @enddate1
  -- each Value is converted to the int column's type for the comparison,
  -- so a non-numeric token still produces a conversion error
  AND EXISTS (SELECT 1
              FROM fn_Split(@dptId, ',') AS s
              WHERE s.Value = d.departmentID);
另一种做法是用 sp_executesql 执行动态 SQL。效率不是最高,虽然能跑通,但要注意:下面的写法把 @SerialNumbers 原样拼进 SQL 文本,调用方可以借此注入任意 SQL(见评论),而且 @sql 只有 nvarchar(200),较长的列表会被截断。只有在输入完全可信时才应使用;更稳妥的是像上面那样先拆分再比较。

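-- Returns every MyTable row whose Serial_Number appears in @SerialNumbers, a
-- comma-separated list (e.g. 'A1,B2' or, as the old callers passed it, 'A1','B2').
-- The list is parsed into a table variable and compared as data. The previous
-- version concatenated @SerialNumbers straight into a SQL string for sp_executesql,
-- which (a) let a caller inject arbitrary SQL through the parameter and (b) built
-- the statement in an nvarchar(200) buffer that silently truncated longer lists.
ALTER PROCEDURE [dbo].[uspTestReportData_GetBySerial] 
    @SerialNumbers nvarchar(200)
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @Serials TABLE (Serial_Number nvarchar(200) NOT NULL);
    DECLARE @rest  nvarchar(200);
    DECLARE @token nvarchar(200);
    DECLARE @pos   int;

    SET @rest = @SerialNumbers;

    -- SQL Server 2008 has no STRING_SPLIT, so walk the list with CHARINDEX.
    -- A NULL parameter makes LEN() NULL and the loop simply does not run.
    WHILE (LEN(@rest) > 0)
    BEGIN
        SET @pos = CHARINDEX(N',', @rest);
        IF (@pos = 0)
        BEGIN
            SET @token = @rest;
            SET @rest = N'';
        END
        ELSE
        BEGIN
            SET @token = LEFT(@rest, @pos - 1);
            -- SUBSTRING rather than RIGHT(LEN(..) - @pos): LEN ignores trailing blanks.
            SET @rest = SUBSTRING(@rest, @pos + 1, LEN(@rest));
        END

        -- Trim blanks and one pair of surrounding single quotes so lists written for
        -- the old dynamic-SQL version ('A1','B2') keep working; the quotes are now just
        -- characters to strip, never SQL syntax (embedded doubled quotes are not unescaped).
        SET @token = LTRIM(RTRIM(@token));
        IF (LEN(@token) >= 2 AND LEFT(@token, 1) = N'''' AND RIGHT(@token, 1) = N'''')
            SET @token = SUBSTRING(@token, 2, LEN(@token) - 2);

        -- Empty tokens (leading, doubled or trailing commas) are ignored.
        IF (LEN(@token) > 0)
            INSERT INTO @Serials (Serial_Number) VALUES (@token);
    END

    -- NOTE(review): Serial_Number's type is not visible here; if it is numeric, each
    -- token is converted to that type for the comparison and a non-numeric token
    -- raises a conversion error instead of silently matching nothing.
    SELECT t.*
    FROM MyTable AS t
    WHERE t.Serial_Number IN (SELECT s.Serial_Number FROM @Serials AS s);
END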

更简单的做法是不拆分字符串,直接执行类似下面(页面末尾)的 SELECT:把列表和候选值两边都加上逗号,再用 LIKE 判断 ','+TYPE_ID+',' 是否出现在 ','+@Types+',' 中。参数仍然只是被比较的值,不会被拼进 SQL 文本,所以没有注入风险;但这个谓词无法使用 TYPE_ID 上的索引。


评论:
- 我的需求不是这样的;要写成 departmentIt = @dptId1 OR departmentIt = @dptId2 吗?之前我用简单的查询字符串 `departmentIt IN (1,3)` 是可以的,现在改成参数化查询就报错了。
- `departmentIt IN (1,3)` 有效,而 `departmentIt IN ('1,3')` 无效,因为后者只有一个值——一个字符串,而不是两个数字。
- @juergend:是的,我知道这是出错的原因,但我拿到的 @dptId 就是字符串,所以没法那样写。
- 请多搜索一下,这不是一个罕见的问题;可以用动态 SQL 完成。用谷歌搜索:sql dynamic comma separated。
- @SantinderSingh 这样不会对 SQL 注入开放吗?——是的,这不安全,因为有人可以通过参数注入一个危险的子句。
- 你应该添加一个解释,说明它是如何解决问题的。
- 这是我会采用的解决方案。简单是关键。
-- Working version: fn_Split (a user-defined table-valued function whose definition is
-- not shown on this page) turns the delimited string into rows, so the column is
-- compared against a set of values instead of against one string. The list stays a
-- parameter value and is never spliced into SQL text, so no dynamic-SQL injection
-- surface is opened.
DECLARE @startdate1 varchar(100) = '20120201'
DECLARE @enddate1   varchar(100) = '20130601'
DECLARE @dptId      varchar(100) = '3,4'

SELECT d.*
FROM dummy AS d
WHERE d.DateJoining >= @startdate1
  AND d.DateJoining <  @enddate1
  -- each Value is converted to the int column's type for the comparison,
  -- so a non-numeric token still produces a conversion error
  AND EXISTS (SELECT 1
              FROM fn_Split(@dptId, ',') AS s
              WHERE s.Value = d.departmentID);
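-- Returns every MyTable row whose Serial_Number appears in @SerialNumbers, a
-- comma-separated list (e.g. 'A1,B2' or, as the old callers passed it, 'A1','B2').
-- The list is parsed into a table variable and compared as data. The previous
-- version concatenated @SerialNumbers straight into a SQL string for sp_executesql,
-- which (a) let a caller inject arbitrary SQL through the parameter and (b) built
-- the statement in an nvarchar(200) buffer that silently truncated longer lists.
ALTER PROCEDURE [dbo].[uspTestReportData_GetBySerial] 
    @SerialNumbers nvarchar(200)
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @Serials TABLE (Serial_Number nvarchar(200) NOT NULL);
    DECLARE @rest  nvarchar(200);
    DECLARE @token nvarchar(200);
    DECLARE @pos   int;

    SET @rest = @SerialNumbers;

    -- SQL Server 2008 has no STRING_SPLIT, so walk the list with CHARINDEX.
    -- A NULL parameter makes LEN() NULL and the loop simply does not run.
    WHILE (LEN(@rest) > 0)
    BEGIN
        SET @pos = CHARINDEX(N',', @rest);
        IF (@pos = 0)
        BEGIN
            SET @token = @rest;
            SET @rest = N'';
        END
        ELSE
        BEGIN
            SET @token = LEFT(@rest, @pos - 1);
            -- SUBSTRING rather than RIGHT(LEN(..) - @pos): LEN ignores trailing blanks.
            SET @rest = SUBSTRING(@rest, @pos + 1, LEN(@rest));
        END

        -- Trim blanks and one pair of surrounding single quotes so lists written for
        -- the old dynamic-SQL version ('A1','B2') keep working; the quotes are now just
        -- characters to strip, never SQL syntax (embedded doubled quotes are not unescaped).
        SET @token = LTRIM(RTRIM(@token));
        IF (LEN(@token) >= 2 AND LEFT(@token, 1) = N'''' AND RIGHT(@token, 1) = N'''')
            SET @token = SUBSTRING(@token, 2, LEN(@token) - 2);

        -- Empty tokens (leading, doubled or trailing commas) are ignored.
        IF (LEN(@token) > 0)
            INSERT INTO @Serials (Serial_Number) VALUES (@token);
    END

    -- NOTE(review): Serial_Number's type is not visible here; if it is numeric, each
    -- token is converted to that type for the comparison and a non-numeric token
    -- raises a conversion error instead of silently matching nothing.
    SELECT t.*
    FROM MyTable AS t
    WHERE t.Serial_Number IN (SELECT s.Serial_Number FROM @Serials AS s);
END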
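-- Returns client visits joined to their client, executive and root product, filtered
-- by whichever parameters are non-NULL (a NULL parameter disables its filter).
-- @eVisitStatusIn is a comma-separated list of eVisitStatus values (e.g. '1,3'). It is
-- split into #IDs with plain string functions and the column is compared against that
-- table, so the list is never concatenated into SQL text: no dynamic SQL, no injection
-- surface. Each token is implicitly converted to int on insert, so a non-integer token
-- raises a conversion error rather than being ignored.
ALTER PROCEDURE dbo.sp_Custom_Select_ClientVisit
(
    @ClientVisitId int = Null,
    @ClientId int = Null,
    @PersonId int = Null,
    @ProductId int = Null,

    @VisitDateFrom datetime = Null,
    @VisitDateTo datetime = Null,

    @eVisitStatusIn varchar(100) = Null,
    @eVisitStatus int = Null,
    @eStatus int = Null,
    @eStatusNot int = Null
)
AS

-- Matches the other procedure in this file; suppresses the row-count message for the temp-table inserts.
SET NOCOUNT ON

create table #IDs
(
    Id   int
)

-- Explicit length: a bare 'varchar' declaration is varchar(1), which only matched ',' by accident.
Declare @delimiter varchar(1)
Set @delimiter = ','

-- Parse a copy so the parameter keeps its caller-supplied value for the IS NULL test below.
-- RTRIM first because LEN() ignores trailing blanks: the previous RIGHT(LEN(...) - @index)
-- arithmetic returned the wrong tail for inputs such as '1,2 ' and silently dropped the last value.
Declare @rest  varchar(100)
Declare @token varchar(100)
Declare @index int
Set @rest = RTRIM(@eVisitStatusIn)

WHILE (LEN(@rest) > 0)
  BEGIN
    SET @index = CHARINDEX(@delimiter, @rest)
    IF (@index = 0)
      BEGIN
        -- last (or only) token
        SET @token = @rest
        SET @rest = ''
      END
    ELSE
      BEGIN
        SET @token = LEFT(@rest, @index - 1)
        SET @rest = SUBSTRING(@rest, @index + 1, LEN(@rest))
      END

    -- Empty or blank tokens (leading, doubled or trailing delimiters) are skipped
    -- instead of being inserted.
    IF (LEN(@token) > 0)
      INSERT INTO #IDs (Id) VALUES (@token)
  END

Select 
    ClientVisit.ClientVisitId,      ClientVisit.eStatus,
    ClientVisit.VisitTime,          ClientVisit.VisitReason,
    ClientVisit.eVisitStatus,       ClientVisit.VisitSummary,

    Client.ClientId,        Client.InstituteName, 
    Client.PersonName as ClientPersonName,      Client.eStatus as ClienteStatus,

    Person.PersonId, Person.FirstName as ExecutiveFirstName, Person.LastName as ExecutiveLastName,
    Person.FirstName + ' ' + Person.LastName as ExecutiveName,

    p.ProductId, p.ParentProductId,
    p.ProductName, p.Description as ProductDescription,
    p.eStatus ProducteStatus,

    -- code-to-label mappings; any other code yields NULL (no ELSE)
    Case When ClientVisit.eVisitStatus = 1 Then 'Pending'
         When ClientVisit.eVisitStatus = 2 Then 'Completed'
         When ClientVisit.eVisitStatus = 3 Then 'Cancelled' End As VisitStatus,

    Case When ClientVisit.eStatus = 1 Then 'Active'
         When ClientVisit.eStatus = 2 Then 'Deactive'
         When ClientVisit.eStatus = 3 Then 'Deleted' End As Status


From AC_ClientVisit as ClientVisit
    INNER Join Com_Client Client On Client.ClientId = ClientVisit.ClientId
    INNER Join Com_Person Person On Person.PersonId = ClientVisit.ExecutiveId
    INNER Join Com_Product p On p.ProductId = Client.RootProductId

Where
    (@ClientVisitId         IS NULL OR ClientVisit.ClientVisitId        = @ClientVisitId)
AND (@ClientId              IS NULL OR Client.ClientId                  = @ClientId)
AND (@PersonId              IS NULL OR Person.PersonId                  = @PersonId)
AND (@ProductId             IS NULL OR p.ProductId                      = @ProductId)

-- Both bounds are inclusive. NOTE(review): if VisitTime carries a time-of-day and callers
-- pass a date-only @VisitDateTo, visits later that day are excluded — confirm with callers.
AND (@VisitDateFrom         IS NULL OR @VisitDateFrom                   <= ClientVisit.VisitTime)
AND (@VisitDateTo           IS NULL OR @VisitDateTo                     >= ClientVisit.VisitTime)   

-- an empty (non-NULL) list leaves #IDs empty and therefore matches no rows
AND (@eVisitStatusIn        IS NULL OR ClientVisit.eVisitStatus IN(SELECT i.Id FROM #IDs AS i))
AND (@eVisitStatus          IS NULL OR ClientVisit.eVisitStatus             = @eVisitStatus)
AND (@eStatus               IS NULL OR ClientVisit.eStatus              = @eStatus)
AND (@eStatusNot            IS NULL OR ClientVisit.eStatus              <> @eStatusNot)
RETURN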
-- Membership test without splitting the list: both the list and the candidate id are
-- wrapped in the delimiter so ',3,' cannot match '13' or '31'. @Types is a
-- comma-separated list declared outside this snippet (presumably a procedure
-- parameter). It is only ever the left operand of LIKE — never spliced into SQL
-- text — so there is no injection surface; but because the column sits inside the
-- pattern, an index on TYPE_ID cannot be used and every TYPE row is evaluated.
-- NOTE(review): '+' is string concatenation here — if TYPE_ID is a numeric column the
-- expression fails with a conversion error; cast it to varchar first. Assumes @Types has
-- no blanks around the commas ('1, 3' would not match ',3,').
SELECT M.REG_NO, T.TYPE_ID 
    FROM MAIN AS M 
        INNER JOIN CLASSIFICATION AS C 
            ON M.REG_NO = C.REG_NO
        INNER JOIN TYPE AS T 
            ON T.TYPE_ID = C.TYPE_ID
    WHERE (','+@Types+',') LIKE '%,' +T.TYPE_ID+ ',%'