我想编写一个存储过程,该过程可用于更新表中所有者名称,备份联系人,其他联系人等的ID。这些ID将从其他表中获取。我不想编写用于所有这些联系信息的不同存储过程,而是要编写一个动态sql,在其中可以将列名作为变量名传递。我的存储过程如下:
CREATE PROCEDURE spUpdateUser
-- Add the parameters for the stored procedure here
( @recordid [nvarchar](50),
@id [nvarchar](10),
@user [nvarchar](50)
)
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
DECLARE
@sql NVARCHAR(MAX);
SET NOCOUNT ON;
set @sql=
-- Insert statements for procedure here
N'UPDATE [dbo].[table1]
SET'+ QUOTENAME(@user)
+ '= (SELECT [dbo].[table2].User
FROM [dbo].[table2]
WHERE [dbo].[table2].id='+QUOTENAME(@id)+')
Where record ='+ QUOTENAME(@recordid)
EXEC sp_executesql @sql;
END;
GO
执行查询后,它运行无误,但在表1中未更改用户。
程序中缺少什么?
不要注入参数,对其参数进行参数设置:
CREATE PROCEDURE spUpdateUser
-- Add the parameters for the stored procedure here
( @recordid [nvarchar](50), --Are your IDs really an nvarchar?
@id [nvarchar](10), --Are your IDs really an nvarchar?
@user sysname --As this is an object, lets use the correct datatype
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
DECLARE @sql NVARCHAR(MAX),
@CRLF nchar(2) = NCHAR(13) + NCHAR(10);
SET NOCOUNT ON;
-- Insert statements for procedure here
SET @sql= N'UPDATE [dbo].[table1]' + @CRLF +
N'SET ' + QUOTENAME(@user) + N' = (SELECT [table2].User' + @CRLF + --3 part naming for columns is deprecated, don't use it
N' FROM [dbo].[table2]' + @CRLF +
N' WHERE [table2].id= @id)' + @CRLF + --3 part naming for columns is deprecated, don't use it
N'WHERE record = @recordid;';
--PRINT @SQLl --Your Best Friend
EXEC sp_executesql @sql, N'@id nvarchar(10), @recordid nvarchar(50)', @id, @recordid; --Assumes that IDs are an nvarchar again
END;
GO
注意,我在这里还留下了一些评论,供您使用和查看。