T-SQL syntax problem when using a dynamic query
Query 1:
SET @sql2 = 'insert into TempReport
select ID, max(TransactionTime),0 from ClubTransaction with (nolock)
where ClubcardID in (select ClubcardID from TempCC)
and ClubcardTransaction.OfferID not in (119,120,121)
group by ClubcardID'
exec (@Sql2)
Query 2:
declare @OfferID varchar(50)
set @OfferID='1,112,445,'
SET @sql2 = 'insert into TempReport
select ID, max(TransactionTime),0 from ClubTransaction with (nolock)
where ClubcardID in (select ClubcardID from TempCC)
and ClubcardTransaction.OfferID not in (Select Item From dbo.fnSplit(@OfferID,'',''))
group by ClubcardID'
exec (@Sql2)
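Query 1 works fine. In query 2, I am substituting in an undefined variable, which I pass to the function fnSplit; inside fnSplit I split the values on commas.
I get the error message: Must declare the scalar variable "@OfferID".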
Please let me know where the problem is.

You have to put the value in from outside, replacing Query 2 by:
declare @OfferID varchar(50)
set @OfferID='1,112,445,'
-- the value is concatenated in as a quoted literal; replace() doubles any embedded single quotes
SET @sql2 = 'insert into TempReport
select ID, max(TransactionTime),0 from ClubTransaction with (nolock)
where ClubcardID in (select ClubcardID from TempCC)
and ClubcardTransaction.OfferID not in (Select Item From dbo.fnSplit(''' + replace(convert(varchar(4000), @OfferID), '''', '''''') + ''','',''))
group by ClubcardID'
exec (@Sql2)
Another solution is to use
Note that dynamic SQL is a way to do SQL injection, and you should avoid it.
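
The scope error can also be avoided without concatenating the value into the string. As an added example (not from the question or the answer above), sp_executesql declares @OfferID inside the dynamic batch and binds it as a parameter, so its contents are never parsed as SQL. dbo.fnSplitDemo, the temp table and its rows are constructed stand-ins for the page's dbo.fnSplit and ClubTransaction; the (list, delimiter) signature and the Item column are assumed from the query.

```sql
-- Added example (T-SQL, SQL Server 2005 and later). All objects are constructed for the demo.
IF OBJECT_ID('dbo.fnSplitDemo') IS NOT NULL DROP FUNCTION dbo.fnSplitDemo;
GO
-- Hypothetical stand-in for dbo.fnSplit: returns one row per non-empty list item.
CREATE FUNCTION dbo.fnSplitDemo (@List varchar(4000), @Delim char(1))
RETURNS @Items TABLE (Item varchar(50))
AS
BEGIN
    DECLARE @pos int;
    SET @List = @List + @Delim;               -- sentinel so the last item is emitted
    SET @pos = CHARINDEX(@Delim, @List);
    WHILE @pos > 0
    BEGIN
        IF @pos > 1 INSERT @Items VALUES (LEFT(@List, @pos - 1));  -- skip empty items
        SET @List = SUBSTRING(@List, @pos + 1, 4000);
        SET @pos = CHARINDEX(@Delim, @List);
    END
    RETURN;
END
GO
-- Constructed sample data, shaped like the columns the page's query uses.
CREATE TABLE #ClubTransaction (ID int, ClubcardID int, OfferID int, TransactionTime datetime);
INSERT #ClubTransaction VALUES (1, 10, 119, '20090101');
INSERT #ClubTransaction VALUES (2, 10, 5,   '20090102');
INSERT #ClubTransaction VALUES (3, 11, 445, '20090103');

DECLARE @OfferID varchar(50), @sql nvarchar(4000);
SET @OfferID = '119,445,';

-- The statement text is a constant: @OfferID appears in it only as a parameter name.
SET @sql = N'select ClubcardID, max(TransactionTime) as LastSeen
from #ClubTransaction
where OfferID not in (select Item from dbo.fnSplitDemo(@OfferID, '',''))
group by ClubcardID';

-- The second argument declares the parameter inside the dynamic batch, which is
-- what exec(@sql) lacked; the third binds the outer variable's value to it.
EXEC sp_executesql @sql, N'@OfferID varchar(50)', @OfferID = @OfferID;

DROP TABLE #ClubTransaction;
```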