动态sql查询

时间:2009-09-18 07:21:08

标签: sql-server

这是我的查询......但它在'+'

附近返回错误的语法 
 DECLARE @refKlinik_id INT
SET @refKlinik_id  = 24

DECLARE @kriter VARCHAR(50)

IF @refKlinik_id <=0 
BEGIN
  SET @kriter = ''
END
ELSE
    SET @Kriter =  'AND H.refKlinik_id =' + @refKlinik_id

SELECT        H.adi + ' ' + H.soyadi AS Hasta, H.tcKimlikNo, CONVERT(varchar, H.dogumTarihi, 103) AS DogumTarihi, K.kisaAdi AS Klinik, A.acikAdres + A.ilce + A.il AS Adres,
                          A.tel1, A.gsm, CASE H.hastaKartiVar WHEN 1 THEN 'Hasta Kartı Sahibi' WHEN 0 THEN 'Hasta Kartı Yok' WHEN NULL 
                         THEN 'Hasta Kartı Yok' END AS HastaKartiDurumu
FROM            Hastalar AS H INNER JOIN
                         Klinikler AS K ON K.klinik_id = H.refKlinik_id INNER JOIN
                         Adresler AS A ON A.refHasta_id = H.hasta_id
WHERE        (K.refKlinikGrup_id = 1) AND (H.durumu = 1) + @kriter + AND (A.aktif = 1)
ORDER BY H.adi

4 个答案:

答案 0 :(得分:2)

你没有正确使用动态sql - 你必须将查询连接到varchar / nvarchar变量然后执行它。

e.g。

DECLARE @MyParam INTEGER
SET @MyParam = 1

DECLARE @nSQL NVARCHAR(1000)
SET @nSQL = 'SELECT * FROM SomeTable WHERE SomeField = @MyParam'
EXECUTE sp_executesql @nSQL, N'@MyParam INTEGER', @MyParam

请注意动态sql,这种方法我只是将@MyParam直接连接到字符串上,因为它有助于防止SQL注入。

在您的情况下,您实际上不需要使用动态SQL,您可以这样做:

DECLARE @refKlinik_id INT
SET @refKlinik_id  = 24

SELECT        H.adi + ' ' + H.soyadi AS Hasta, H.tcKimlikNo, CONVERT(varchar, H.dogumTarihi, 103) AS DogumTarihi, K.kisaAdi AS Klinik, A.acikAdres + A.ilce + A.il AS Adres,
                          A.tel1, A.gsm, CASE H.hastaKartiVar WHEN 1 THEN 'Hasta Kartı Sahibi' WHEN 0 THEN 'Hasta Kartı Yok' WHEN NULL 
                         THEN 'Hasta Kartı Yok' END AS HastaKartiDurumu
FROM            Hastalar AS H INNER JOIN
                         Klinikler AS K ON K.klinik_id = H.refKlinik_id INNER JOIN
                         Adresler AS A ON A.refHasta_id = H.hasta_id
WHERE        (K.refKlinikGrup_id = 1) AND (H.durumu = 1) AND (@refKlinik_id<=0 OR H.refKlinik_id = @refKlinik_id) AND (A.aktif = 1)
ORDER BY H.adi

答案 1 :(得分:0)

你不能将@kriter连接到where子句的其余部分 - 它将它作为字符串而不是SQL片段进行评估。你必须把整个东西放在一个字符串变量中,然后使用Exec

答案 2 :(得分:0)

这应该有效:

 DECLARE @refKlinik_id INT
declare @query varchar(1000)
SET @refKlinik_id  = 24

DECLARE @kriter VARCHAR(50)

IF @refKlinik_id <=0 
BEGIN
  SET @kriter = ''
END
ELSE
    SET @Kriter =  'AND H.refKlinik_id =' + cast(@refKlinik_id as varchar(10))

set @query='SELECT        H.adi + '' '' + H.soyadi AS Hasta, H.tcKimlikNo, CONVERT(varchar, H.dogumTarihi, 103) AS DogumTarihi, K.kisaAdi AS Klinik, A.acikAdres + A.ilce + A.il AS Adres,
                          A.tel1, A.gsm, CASE H.hastaKartiVar WHEN 1 THEN ''Hasta Kartı Sahibi'' WHEN 0 THEN ''Hasta Kartı Yok'' WHEN NULL 
                         THEN ''Hasta Kartı Yok'' END AS HastaKartiDurumu
FROM            Hastalar AS H INNER JOIN
                         Klinikler AS K ON K.klinik_id = H.refKlinik_id INNER JOIN
                         Adresler AS A ON A.refHasta_id = H.hasta_id
WHERE        (K.refKlinikGrup_id = 1) AND (H.durumu = 1)' + @kriter + 'AND (A.aktif = 1)
ORDER BY H.adi'
exec(@query)

答案 3 :(得分:0)

我可以在键入动态SQL的单个字符之前建议您熟悉以下“基本阅读”。

The Curse and Blessings of Dynamic SQL

如果您对内容有任何疑问,请告诉我。

相关问题
最新问题