Parameterizing the WHERE clause in SQL Server 2008 R2

Time: 2014-04-07 05:36:21

Tags: sql-server sql-server-2008-r2 where-clause

I want to pass the WHERE clause of a stored procedure as a parameter from C#. I have declared a parameter @WhereClause nvarchar(max), and in the query I use it like this:

select distinct
    CLFIIK.AdID
    ,CLFIIK.AdGiverName
    ,CLFIIK.AdGiverEmail
    ,CLFIIK.Title
    ,left(CLFIIK.Descripton,200) +'...' as Descripton -- take the first 200 characters and append ... after them
    , case
          when CLFIIK.type = 1 then -- Wanted Events
            'Wanted Event'
          when  CLFIIK.type = 1 then -- offering Events
            'Offering Event'
          else -- Neither Wanted nor Offering Events
               'No Event Yet'
        end as Type 
         ,CASE
           WHEN DATEDIFF(HOUR, PublishedDate, GETDATE()) < 24 THEN 
               CASE DATEDIFF(HOUR, PublishedDate, GETDATE()) 
                   WHEN 1 THEN 
                      CONVERT(VARCHAR, DATEDIFF(HOUR, PublishedDate, GETDATE())) + ' hour ago' 
                   ELSE 
                      CONVERT(VARCHAR, DATEDIFF(HOUR, PublishedDate, GETDATE())) + ' hours ago'
               END
          ELSE 
         REPLACE(CONVERT(VARCHAR, PublishedDate, 6), ' ', '-')  
       END as PublishedDate
       ,CLFIIK.LastModifiedDate
       ,LM.LocalityName +', '+ CityM.CityName as Address
       ,CM.CategoryName
       ,CM.CategoryID
 from 
     CLF.utblCLFAdInstanceInfoKeys as CLFIIK
 inner join
     dbo.utblCategoryMaster as  CM on CM.CategoryID = CLFIIK.CategoryID
 inner join 
     dbo.utblLocalityMaster as LM on LM.LocalityID = CLFIIK.LocalityID
 inner join 
     dbo.utblCityMaster as CityM on CityM.CityID = LM.CityID
 left join 
     CLF.utblCLFAdInstanceDtls as AdInsDeets on AdInsDeets.AdID = CLFIIK.AdID
 where  
     @WhereClause;

SQL Server 2008 R2 throws this error:

Msg 4145, Level 15, State 1, Procedure udspGetCLFSearchResultEventList, Line 55
An expression of non-boolean type specified in a context where a condition is expected, near ';'.

How can I fix this error?

1 answer:

Answer 0 (score: 0)

While this does work...

DECLARE @sql nvarchar(2000) = 'SELECT ....  FROM ....'
DECLARE @sqlwithwhere nvarchar(2000)
SET @sqlwithwhere = @sql + @WhereClause
EXEC sp_executesql @sqlwithwhere

...you should declare the stored procedure parameters in C# and pass them separately. Dynamic SQL like this carries a SQL injection risk. It is also more of a hack than a standard approach.
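To show what "pass them separately" looks like for this query, here is an added example (not code from the question or the answer) that keeps sp_executesql but lets only typed values cross the boundary: the filter structure is chosen from fixed, developer-written fragments, and the caller's values are bound through a parameter definition list. The procedure name and the @CategoryID, @CityID and @AdType parameters are assumptions.

```sql
-- Added example: a parameterized version of the answer's sp_executesql pattern.
-- Procedure name and the three filter parameters are assumptions, not from the page.
CREATE PROCEDURE CLF.udspGetCLFSearchResultEventList_Params
    @CategoryID int     = NULL,   -- NULL means "do not filter on this column"
    @CityID     int     = NULL,
    @AdType     tinyint = NULL
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @sql nvarchar(max) = N'
        SELECT DISTINCT CLFIIK.AdID, CLFIIK.Title, CM.CategoryName,
               LM.LocalityName + N'', '' + CityM.CityName AS Address
        FROM CLF.utblCLFAdInstanceInfoKeys AS CLFIIK
        INNER JOIN dbo.utblCategoryMaster AS CM    ON CM.CategoryID = CLFIIK.CategoryID
        INNER JOIN dbo.utblLocalityMaster AS LM    ON LM.LocalityID = CLFIIK.LocalityID
        INNER JOIN dbo.utblCityMaster     AS CityM ON CityM.CityID  = LM.CityID
        WHERE 1 = 1';

    -- Only fixed fragments written here are appended; no caller-supplied text
    -- is ever concatenated into @sql, so the statement shape cannot be altered.
    IF @CategoryID IS NOT NULL SET @sql += N' AND CLFIIK.CategoryID = @CategoryID';
    IF @CityID     IS NOT NULL SET @sql += N' AND LM.CityID = @CityID';
    IF @AdType     IS NOT NULL SET @sql += N' AND CLFIIK.type = @AdType';

    -- The parameter definition list binds each placeholder to a typed value;
    -- the values are compared as data, never parsed as SQL.
    EXEC sp_executesql
        @sql,
        N'@CategoryID int, @CityID int, @AdType tinyint',
        @CategoryID = @CategoryID,
        @CityID     = @CityID,
        @AdType     = @AdType;
END
GO

-- The C# side then passes values through SqlParameter objects, not SQL text.
-- Constructed sample call: category 3, wanted events only.
EXEC CLF.udspGetCLFSearchResultEventList_Params @CategoryID = 3, @AdType = 1;
```

Because every filter is optional, the same procedure covers all combinations the original @WhereClause was meant to express, while an unexpected value in any parameter fails type conversion at the call instead of changing the query.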