我正在尝试使用存储过程创建视图并在SQL Server中传递动态SQL。
ALTER PROCEDURE sp_businessUnit_totalRequests
(@ViewName AS VARCHAR(50),
@RequiredBU AS VARCHAR(50))
AS
BEGIN
DECLARE @Req_View_Name AS SYSNAME;
DECLARE @sql NVARCHAR(MAX);
SET @Req_View_Name = @ViewName
SET @sql = '
CREATE VIEW [Req_View_Name]
As
BEGIN
Select [Reviewer], Count([Reviewer]) as Total_Requests From [dbo].[reviews_not_sent] where [BU] = @RequiredBU Group By [Reviewer];
END
'
SET @sql = REPLACE(@sql, '[Req_View_Name]', QUOTENAME(@Req_View_Name));
EXEC sp_executesql @sql,
N'@RequiredBU VARCHAR(50)',@RequiredBU=@RequiredBU
END;
EXEC sp_businessUnit_totalRequests 'Annuities_Requests', 'Annuities';
创建存储过程。但是当我尝试执行存储过程时,它说:
视图附近的语法不正确
答案 0 :(得分:0)
此代码应该有效:
ALTER PROCEDURE [dbo].[sp_businessUnit_totalRequests]
(
@ViewName AS VARCHAR(50),
@RequiredBU AS VARCHAR(50)
)
AS
BEGIN
Declare @Req_View_Name AS SYSNAME;
DECLARE @sql NVARCHAR(MAX);
Set @Req_View_Name = @ViewName
set @sql = '
CREATE VIEW [Req_View_Name]
As
Select [Reviewer], Count([Reviewer]) as Total_Requests From [dbo].[reviews_not_sent] where [BU] = ''' + @RequiredBU + ''' Group By [Reviewer];
'
SET @sql = REPLACE(@sql, '[Req_View_Name]', QUOTENAME(@Req_View_Name));
EXEC sp_executesql @sql
END;
此代码虽然受SQL注入的影响,但仍然有效。无法创建参数化的SQL View。