SQL ×¢Èë

SQL×¢Èë¾Í²»ÓýéÉÜÁË£¬ÍøÉϺܶࡣÏÂÃæ½éÉÜһϷÀÖ¹
SQL×¢ÈëµÄ·½·¨¡£
ʹÓÃ
quotename º¯ÊýºÍ
sp_executesql
²Î¿¼Èç
ϱí½á¹¹£ºÕâÊÇÒ»¸öÎĵµ±íÀïÃæÓÐһЩ¼òµ¥µÄ×Ö¶ÎÐÅÏ¢
CREATE
TABLE
[dbo]
.
[DocumentInfo]
(
    [ID]
[int]
IDENTITY
(
1,
1) primary key
 NOT
NULL,--
Ö÷¼ü
    [Name]
[varchar]
(
100)
NOT
NULL,--
ÎĵµÃû×Ö
    [FunctionID]
[int]
NOT
NULL
£¬
--
¹¦ÄÜ
ID
Íâ¼ü
    [TypeInfo]
[nvarchar]
(
2000)
NULL—
ÃèÊöÐÅÏ¢
£©
ÎÒÃÇ¿ÉÄܻᰴ£¬Ö÷¼ü
ID£¬ÎĵµµÄÃû×Ö£¬¹¦ÄÜ
id£¬
ÃèÊöÐÅÏ¢½øÐвéѯ
£¬Õâ¸öÒ»¿´¾ÍÊÇÆ´½Ó
sqlÓï¾ä£¬Èç¹û²»ÓÃÉÏÃæµÄ·½·¨ºÜ¿ÉÄÜÔì³É
sql×¢Èë
ÀýÈçÄãдµÄ´æ´¢¹ý³Ì¿ÉÄÜÈçÏ£º
CREATE

proc
 [dbo]
.
[Doc_search]
(
@ID
int
,
@name
varchar
(
10),
@FID
int
,
@Info
nvarchar
(
20)
)
as
begin

declare
@sql
varchar
(
300)
set
@sql
=
'select * from
[DocumentInfo] where 1=1'
if
@ID
<>-
1
set
@sql
=
@sql
+
' and ID='
+
CAST
(
@ID
as
varchar
)
if
@name
<>
''
set
@sql
=
@sql
+
' and name='''
+
CAST
(
@name
as
varchar
)
+
''''
if
@FID
<>-
1
set
@sql
=
@sql
+
' and
[FunctionID]='
+
CAST
(
@FID
as
varchar
)
if
@Info
<>
''
set
@sql
=
@sql
+
' and [TypeInfo] like ''%'
+
CAST
(
@Info
as
varchar
)+
'%'''
print
@sql
end
exec
(
@sql
)
ËäÈ»ÄãÓÃÁË´ø²ÎÊýµÄ´æ´¢¹ý³Ì
£¬µ«±¾ÖÊÉÏ»¹ÊÇÆ´½Ó×Ö·û´®£¬Ã»ÓÐÓÐЧµÄ·ÀÖÎ
sql×¢Èë¡£ÏÖÔÚ
·Ö±ðÓÃ
quotename()º¯ÊýºÍ
sp_executesql¡£
Quotename()º¯Êý²»ÖªµÀÓõÄÇë×ÔÐвéÕÒ£¬
sp_executesqlµÄÓ÷¨
¼ûÉÏһƪ¶¯Ì¬
sql
Quotename¸Ä½øÈçÏ£º
alter
proc
 [dbo]
.
[Doc_search]
(
@ID
int
,
@name
varchar
(
10),
@FID
int
,
@Info
nvarchar
(
20)
)
as
begin

declare
@sql
varchar
(
300)
set
@sql
=
'select * from
[DocumentInfo] where 1=1'
if
@ID
<>-
1
set
@sql
=
@sql
+
' and ID='
+
CAST
(
@ID
as
varchar
)