我正在尝试使用存储过程创建视图并在SQL Server中传递动态SQL。
ALTER PROCEDURE sp_businessUnit_totalRequests
(
@ViewName AS VARCHAR(50),
@RequiredBU AS VARCHAR(50)
)
AS
BEGIN
Declare @Req_View_Name AS SYSNAME;
DECLARE @sql NVARCHAR(MAX);
Set @Req_View_Name = @ViewName
set @sql = '
CREATE VIEW [Req_View_Name]
As
BEGIN
Select [Reviewer], Count([Reviewer]) as Total_Requests From [dbo].[reviews_not_sent] where [BU] = @RequiredBU Group By [Reviewer];
END
'
SET @sql = REPLACE(@sql, '[Req_View_Name]', QUOTENAME(@Req_View_Name));
EXEC sp_executesql @sql,
N'@RequiredBU VARCHAR(50)',@RequiredBU=@RequiredBU
END;
Exec sp_businessUnit_totalRequests 'Annuities_Requests', 'Annuities';
过程已创建。但是当我尝试执行存储过程时,它说
视图附近的语法不正确
。
此代码应该起作用:
ALTER PROCEDURE [dbo].[sp_businessUnit_totalRequests]
(
@ViewName AS VARCHAR(50),
@RequiredBU AS VARCHAR(50)
)
AS
BEGIN
Declare @Req_View_Name AS SYSNAME;
DECLARE @sql NVARCHAR(MAX);
Set @Req_View_Name = @ViewName
set @sql = '
CREATE VIEW [Req_View_Name]
As
Select [Reviewer], Count([Reviewer]) as Total_Requests From [dbo].[reviews_not_sent] where [BU] = ''' + @RequiredBU + ''' Group By [Reviewer];
'
SET @sql = REPLACE(@sql, '[Req_View_Name]', QUOTENAME(@Req_View_Name));
EXEC sp_executesql @sql
END;
尽管此代码受到SQL注入的困扰,但仍然有效。无法创建参数化的SQL View。
请从BEGIN语句中删除关键字END和CREATE VIEW ...