以下是基于查询的sp:
DECLARE @GLOBALPATIENTACCOUNT VARCHAR(25)
DECLARE @Page_Index BIGINT
DECLARE @Page_Size BIGINT
DECLARE @practice_code VARCHAR(20)
DECLARE @dateFrom VARCHAR(20)
DECLARE @dateTo VARCHAR(20)
DECLARE @startFrom VARCHAR(20)
DECLARE @startTo VARCHAR(20)
DECLARE @Total_Record DECIMAL(34, 1)
DECLARE @Total_Pages DECIMAL(34, 1)
DECLARE @From_row BIGINT
DECLARE @To_row BIGINT
SET @GLOBALPATIENTACCOUNT = '999090999510103196'
SET @Page_Index = 1
SET @Page_Size = 30
SET @practice_code = 9090999
SET @dateFrom = '09/13/2014'
SET @dateTo = '10/13/2014'
SET @startFrom = 'null'
SET @startTo = 'null'
DECLARE @sqlstr AS varchar (max)
set @sqlstr='';
SET @sqlstr =@sqlstr +N'select CREATED_DTAE, DOCUMENT_CATEGORY_ID, DESCRIPTION, DOCUMENT_NAME, SHOW_ON_WEB, VIEW_BY_PATIENT, VIEW_DATE, NO_OF_IMAGES, DOCUMENT_STATUS_ID, DOCUMENT_STATUS_DESCRIPTION,
PATIENT_DOCUMENT_ID,ISDICOM,PATIENT_ACCOUNT,DOCUMENT_INDEX, ASSIGNED_TO,
CONTENT_START_DATE, COMMENTS,CHART_ID,LAST_NAME,FIRST_NAME, CONTENT_END_DATE,CREATED_BY,[CREATED DATE], MODIFIED_BY,MODIFIED_DATE,DELETED,SOURCE_PATH,CONFIDENTIAL,
DOC_UPLOAD_NAME,DOC_UPLOAD_STATUS,IS_MISC_DOC,BUTTON,SIGNED,SIGNED_BY,SIGNED_DATE, PRACTICE_CODE
into #temptbl
FROM
(
SELECT ISNULL(CREATED_DTAE,'''')as CREATED_DTAE , PATIENT_DOCUMENTS.DOCUMENT_CATEGORY_ID, ISNULL(UPPER(DT.DESCRIPTION),'''')as DESCRIPTION,
ISNULL(PATIENT_DOCUMENTS.DOCUMENT_NAME,'''') as DOCUMENT_NAME,
ISNULL(PATIENT_DOCUMENTS.SHOW_ON_WEB,''0'') AS SHOW_ON_WEB, ISNULL(PATIENT_DOCUMENTS.VIEW_BY_PATIENT,''0'') AS VIEW_BY_PATIENT,
ISNULL(CONVERT(VARCHAR(10),PATIENT_DOCUMENTS.VIEW_DATE,101),'''') AS VIEW_DATE, ISNULL(PATIENT_DOCUMENTS.NO_OF_IMAGES,''0'') AS NO_OF_IMAGES,
ISNULL((CONVERT(VARCHAR(12), CASE PATIENT_DOCUMENTS.DOCUMENT_STATUS_ID WHEN 0 THEN NULL ELSE PATIENT_DOCUMENTS.DOCUMENT_STATUS_ID END )),'''') AS DOCUMENT_STATUS_ID,
ISNULL(UPPER(DOCUMENTS_STATUS.DOCUMENT_STATUS_DESCRIPTION),'''') DOCUMENT_STATUS_DESCRIPTION , PATIENT_DOCUMENTS.PATIENT_DOCUMENT_ID,
ISNULL(PATIENT_DOCUMENTS.ISDICOM,''0'') ISDICOM, PATIENT_DOCUMENTS.PATIENT_ACCOUNT, ISNULL(PATIENT_DOCUMENTS.DOCUMENT_INDEX,0) DOCUMENT_INDEX, ISNULL(PATIENT_DOCUMENTS.ASSIGNED_TO,'''') ASSIGNED_TO ,
CONVERT(VARCHAR,PATIENT_DOCUMENTS.CONTENT_START_DATE,101) CONTENT_START_DATE, REPLACE (PATIENT_DOCUMENTS.COMMENTS,CHAR(10),'' '') AS COMMENTS, PATIENT.CHART_ID, UPPER(PATIENT.LAST_NAME)LAST_NAME,UPPER(PATIENT.FIRST_NAME) FIRST_NAME ,
CONVERT(VARCHAR,PATIENT_DOCUMENTS.CONTENT_END_DATE,101) CONTENT_END_DATE, ISNULL(UPPER(PATIENT_DOCUMENTS.CREATED_BY),'''') CREATED_BY,
CONVERT(VARCHAR,CREATED_DTAE,101) +'' ''+ LTRIM(SUBSTRING(CONVERT(VARCHAR,(CONVERT(DATETIME,CREATED_DTAE)),109),13,5))+'' ''+ SUBSTRING(CONVERT(VARCHAR,(CONVERT(DATETIME,CREATED_DTAE)),109),25,2) AS [CREATED DATE],
ISNULL(UPPER(PATIENT_DOCUMENTS.MODIFIED_BY),'''') MODIFIED_BY,
ISNULL(CONVERT(VARCHAR,PATIENT_DOCUMENTS.MODIFIED_DATE,101),'''') +'' ''+ LTRIM(SUBSTRING(CONVERT(VARCHAR,(CONVERT(DATETIME,PATIENT_DOCUMENTS.MODIFIED_DATE)),109),13,5))+'' ''+ SUBSTRING(CONVERT(VARCHAR,(CONVERT(DATETIME,PATIENT_DOCUMENTS.MODIFIED_DATE)),109),25 ,2) AS MODIFIED_DATE,PATIENT_DOCUMENTS.DELETED,ISNULL(PATIENT_DOCUMENTS.SOURCE_PATH,'''') SOURCE_PATH,ISNULL(PATIENT_DOCUMENTS.CONFIDENTIAL,0) CONFIDENTIAL,ISNULL(PATIENT_DOCUMENTS.DOC_UPLOAD_NAME,'''') DOC_UPLOAD_NAME,
ISNULL(PATIENT_DOCUMENTS.DOC_UPLOAD_STATUS,'''') DOC_UPLOAD_STATUS,CONVERT(BIT,''FALSE'') IS_MISC_DOC,'''' AS BUTTON,
PATIENT_DOCUMENTS.Signed SIGNED, PATIENT_DOCUMENTS.Sign_by SIGNED_BY, PATIENT_DOCUMENTS.Sign_date SIGNED_DATE,
PATIENT.PRACTICE_CODE AS PRACTICE_CODE
FROM PATIENT, PATIENT_DOCUMENTS
LEFT OUTER JOIN DOCUMENTS_STATUS ON PATIENT_DOCUMENTS.DOCUMENT_STATUS_ID = DOCUMENTS_STATUS.DOCUMENT_STATUS_ID,
DOCUMENT_CATEGORIES DT
WHERE PATIENT_DOCUMENTS.DOCUMENT_CATEGORY_ID = DT.DOCUMENT_CATEGORY_ID
AND PATIENT_DOCUMENTS.PATIENT_ACCOUNT = PATIENT.PATIENT_ACCOUNT AND PATIENT.Patient_GlobalId= ''' + @GLOBALPATIENTACCOUNT +'''
AND ISNULL(PATIENT.DELETED,0) <> 1
AND ISNULL(PATIENT_DOCUMENTS.DELETED, 0) <> 1
AND PATIENT.PRACTICE_CODE <> ''' + @practice_code + '''
AND PATIENT_DOCUMENTS.confidential <> 1 '
--print @sqlstr
IF (@dateFrom <> 'null')
BEGIN
SET @sqlstr = @sqlstr + ' and CONVERT(VARCHAR,ISNULL(PATIENT_DOCUMENTS.CREATED_DTAE,''''),101) >= CONVERT(VARCHAR,isnull( ''' + @dateFrom + ''',''''),101) and CONVERT(VARCHAR,ISNULL(PATIENT_DOCUMENTS.CREATED_DTAE,''''),101) <= CONVERT(VARCHAR,ISNULL(''' + @dateTo + ''',''''),101)'
--print @sqlstr
END
IF(@startFrom <> 'null')
BEGIN
SET @sqlstr = @sqlstr + ' CONVERT(VARCHAR,ISNULL(PATIENT_DOCUMENTS.CONTENT_START_DATE,''''),101) >= CONVERT(VARCHAR,ISNULL(''' + @startFrom + ''',''''),101) and CONVERT(VARCHAR,ISNULL(PATIENT_DOCUMENTS.CONTENT_START_DATE,''''),101) <= CONVERT(VARCHAR,isnull(''' + @startTo + ''',''''),101)'
END
SET @sqlstr = @sqlstr + 'UNION ALL
SELECT ISNULL(DOCUMENTS.CREATED_DATE,'''') AS CREATED_DTAE, CATAGORY_TYPE_ID AS DOCUMENT_CATEGORY_ID, ISNULL(DOCUMENT_CATEGORIES.DESCRIPTION,'''') DESCRIPTION,
(SELECT TOP 1 DOCUMENTS_CATEGORY_MAIN_PATH FROM DOCUMENTS_CATEGORY_MAIN WHERE DOCUMENTS_CATEGORY_MAIN_DESCRIPTION=''ATTACHMENTS'' )+''\'' +DOCUMENTS.FILE_NAME_FORPATH AS [DOCUMENT_NAME], isnull(DOCUMENTS.SHOW_ON_WEB,0) AS SHOW_ON_WEB,''0'' AS VIEW_BY_PATIENT
,ISNULL(NULL,'''') AS VIEW_DATE, ''0'' AS NO_OF_IMAGES,ISNULL(DOCUMENTS.DOCUMENT_STATUS_ID,'''') DOCUMENT_STATUS_ID,ISNULL(DOCUMENTS_STATUS.DOCUMENT_STATUS_DESCRIPTION,'''') DOCUMENT_STATUS_DESCRIPTION, DOC_ID AS PATIENT_DOCUMENT_ID,
ISNULL(NULL,''0'') AS ISDICOM, DOCUMENTS.PATIENT_ACCOUNT, ISNULL(NULL,0) AS DOCUMENT_INDEX,ISNULL(DOCUMENTS.ASSIGNED_TO,'''') ASSIGNED_TO, CONVERT(VARCHAR,DOCUMENTS.CONTENT_START_DATE,101) AS CONTENT_START_DATE,
ISNULL(DOCUMENTS.NOTES,'''') AS COMMENTS, '''' AS CHART_ID, UPPER(PM.LAST_NAME)LAST_NAME,UPPER(PM.FIRST_NAME) FIRST_NAME,
ISNULL(CONVERT(VARCHAR,DOCUMENTS.CONTENT_END_DATE,101),'''') AS CONTENT_END_DATE, ISNULL(DOCUMENTS.CREATED_BY,'''') CREATED_BY, ISNULL(DOCUMENTS.CREATED_DATE,'''') AS [CREATED DATE],
ISNULL(DOCUMENTS.MODIFIED_BY,'''') MODIFIED_BY, ISNULL(DOCUMENTS.MODIFIED_DATE,'''') MODIFIED_DATE, DOCUMENTS.DELETED, '''' AS SOURCE_PATH, ISNULL(DOCUMENTS.CONFIDENTIAL,0) CONFIDENTIAL, '''' AS DOC_UPLOAD_NAME, '''' AS DOC_UPLOAD_STATUS,
CONVERT(BIT,''TRUE'') IS_MISC_DOC,'''' AS BUTTON , DOCUMENTS.SIGNED AS SIGNED, DOCUMENTS.SIGN_BY AS SIGNED_BY, DOCUMENTS.SIGN_DATE AS SIGNED_DATE,
PM.PRACTICE_CODE AS PRACTICE_CODE
FROM PATIENT_DOCUMENTS_OTHERS DOCUMENTS
LEFT OUTER JOIN DOCUMENT_CATEGORIES ON DOCUMENTS.CATAGORY_TYPE_ID=DOCUMENT_CATEGORIES.DOCUMENT_CATEGORY_ID
INNER JOIN DOCUMENTS_CATEGORY_MAIN DCM ON DOCUMENTS.DOCUMENTS_CATEGORY_MAIN_ID =DCM.DOCUMENTS_CATEGORY_MAIN_ID
INNER JOIN PATIENT PM ON PM.PATIENT_ACCOUNT=DOCUMENTS.PATIENT_ACCOUNT
LEFT OUTER JOIN DOCUMENTS_STATUS ON DOCUMENTS_STATUS.DOCUMENT_STATUS_ID=DOCUMENTS.DOCUMENT_STATUS_ID
left outer join PATIENT_DOCUMENTS on DOCUMENTS.Doc_Id=PATIENT_DOCUMENTS.PATIENT_DOCUMENT_ID
WHERE ISNULL(DOCUMENTS.DELETED,0)<>1
AND PM.Patient_GlobalId='''+ @GLOBALPATIENTACCOUNT + ''' AND PM.PRACTICE_CODE<>''' + @practice_code + ''' and DOCUMENTS.confidential<>1'
IF(@dateFrom <> 'null')
BEGIN
SET @sqlstr = @sqlstr + 'and ISNULL(CONVERT(VARCHAR,PATIENT_DOCUMENTS.CREATED_DTAE,101),'''') >= ISNULL(CONVERT(VARCHAR,''' + @dateFrom + ''',101),'''') and ISNULL(CONVERT(VARCHAR,PATIENT_DOCUMENTS.CREATED_DTAE,101),'''')<=ISNULL(CONVERT(VARCHAR,''' + @dateTo + ''',101),'''')'
END
IF (@startFrom <> 'null')
BEGIN
SET @sqlstr = @sqlstr + 'CONVERT(VARCHAR,PATIENT_DOCUMENTS.CONTENT_START_DATE,101) >= CONVERT(VARCHAR,''' + @startFrom + ''',101) and CONVERT(VARCHAR,PATIENT_DOCUMENTS.CONTENT_START_DATE,101)<=CONVERT(VARCHAR,''' + @startTo + ''',101)'
END
SET @sqlstr = @sqlstr + ') PatDocTable order by PRACTICE_CODE,CREATED_DTAE desc '
EXECUTE sp_executesql @statement = @sqlstr
PRINT @sqlstr
它给了我错误过程需要'ntext / nchar / nvarchar'类型的参数'@statement',但当我更改数据类型 @sqlstr AS nvarchar时(最大),错误省略,但它转换了我的查询。请帮我解决一下?
答案 0 :(得分:20)
以下是可能的解决方案之一:
将您的@sqlstr
转换为varchar(max)
,而不是EXECUTE sp_executesql
,使用EXECUTE(@strsql)
。这样您就可以获得完整的打印查询,它也将执行您的查询。希望它有所帮助。
答案 1 :(得分:12)
sp_executesql 将 NVARCHAR 作为参数而非 VARCHAR ,将varchar(max)
更改为nvarchar(max)
将解决问题。
DECLARE @sqlstr AS nvarchar (max)
答案 2 :(得分:8)
当您使用命令exec sp_executesql 时,将变量声明为nvarchar类型。以上您使用varchar作为@sqlstr变量。
例如
Declare @Sqlstr nvarchar(max)
SET @Sqlstr='...Your dynamic query...'
exec sp_executesql @Sqlstr
注意:不要在exec命令中使用括号
答案 3 :(得分:0)
使用sp_executesql是这类查询的非常好的选择,对于sql注入它不是很友好。
例如:
DECLARE @sqlString nvarchar(500);
DECLARE @paramDefinition nvarchar(500);
DECLARE @sid = 12546;
SET @sqlString = 'select * from SameTableBase S Where S.Id = @id';
EXECUTE sp_executesql @sqlString , @paramDefinition , @id = @sid