如何正确地转义T-SQL查询中的字符串本身就是一个字符串

时间:2016-01-20 06:29:01

标签: sql-server tsql sql-server-2005

我试图创建一个SQL变量,它将保存一个我将通过调用

执行的SQL字符串 
EXEC(myVariable)

我有这个SQL脚本来创建存储过程但是当我在Management Studio中执行它时,它会抛出以下错误:

  

替换功能需要3个参数。

这是完整的脚本

IF NOT EXISTS(SELECT * FROM sys.objects 
              WHERE object_id = OBJECT_ID(N'SP_Test') AND type IN (N'P', N'SP_Test')) 
BEGIN
    DECLARE @CreateSP varchar(MAX) = 'CREATE  PROCEDURE [dbo].[SP_Test]       
 (@Destination varchar(100),      
 @Period varchar(8000),      
 @ItemType varchar(100),      
 @Nationality  varchar(100))   

AS      
BEGIN      
 SET NOCOUNT ON;      

 Declare @sql as nvarchar(4000)   

 set @sql = ''SELECT distinct  Country.Country_ID,Country.Name, Destination.Destination_ID, Destination.Destination_Name,
   MyTableName.Year, Region.Region_ID,  rtrim(Region.Region_Name) as Category,    
 Count(MyTableName.Allegation) as AllegCnt INTO ##MyTableName_Temp
 FROM MyTableName INNER JOIN Destination on MyTableName.Destination_ID = Destination.Destination_ID
 INNER JOIN Country on  MyTableName.Country_ID=Country.Country_ID
  INNER JOIN Region on MyTableName.Region_ID=Region.Region_ID 
  where 1=1 and Country.Lang_ID=1200 
  AND MyTableName.Country_ID NOT LIKE ''%N/A%'' AND MyTableName.Region_ID != 1''   

 if @Destination is not  null      
 set @sql = @sql + '' AND MyTableName.Destination_ID IN ('' +@Destination+'')''      


 if @Period is not null      
 set @sql = @sql + '' AND Year IN ('' +@Period+'')''      


 if @ItemType is not null      
 set @sql = @sql + '' AND MyTableName.Region_ID IN ('' +@ItemType+'')''      


 if @Nationality  is not null      
 set @sql = @sql + '' AND MyTableName.Country_ID IN ('''''' +replace(@Nationality,'','','''','''')+''''+'')''   


 set @sql = @sql + '' GROUP BY MyTableName.Year,Destination.Destination_Name, Destination.Destination_ID,Country.Country_ID,Country.Name,Region.Region_ID,  Region.Region_Name       
 ORDER BY Name desc''      

 execute(@sql)      

 EXECUTE sp_Arrange      
 ''SELECT Name as Origin, Category, Total FROM ##MyTableName_Temp'',      
 NULL,      
NULL,      
''Origin'',
 ''Total'',    
 ''SUM''         
  drop table ##MyTableName_Temp      
END'      
 EXEC(@CreateSP) 
END

看起来我没有正确地转义脚本中的字符串。

1 个答案:

答案 0 :(得分:1)

IF OBJECT_ID('dbo.SP_Test') IS NULL BEGIN

DECLARE @CreateSP varchar(MAX) = '
CREATE  PROCEDURE [dbo].[SP_Test]       
(
    @Destination varchar(100),      
    @Period varchar(8000),      
    @ItemType varchar(100),      
    @Nationality  varchar(100)
)   
AS BEGIN

 SET NOCOUNT ON;      

 Declare @sql nvarchar(4000)   

 set @sql = ''
    SELECT DISTINCT
        Country.Country_ID,Country.Name, Destination.Destination_ID, Destination.Destination_Name,
        MyTableName.Year, Region.Region_ID,  rtrim(Region.Region_Name) as Category,    
        COUNT(MyTableName.Allegation) as AllegCnt
    INTO ##MyTableName_Temp
    FROM MyTableName
    JOIN Destination on MyTableName.Destination_ID = Destination.Destination_ID
    JOIN Country on MyTableName.Country_ID=Country.Country_ID
    JOIN Region on MyTableName.Region_ID=Region.Region_ID 
    WHERE Country.Lang_ID=1200 
        AND MyTableName.Country_ID NOT LIKE ''''%N/A%''''
        AND MyTableName.Region_ID != 1''   

 if @Destination is not  null      
 set @sql = @sql + '' AND MyTableName.Destination_ID IN ('' +@Destination+'')''      

 if @Period is not null      
 set @sql = @sql + '' AND Year IN ('' +@Period+'')''      

 if @ItemType is not null      
 set @sql = @sql + '' AND MyTableName.Region_ID IN ('' +@ItemType+'')''      

 if @Nationality  is not null      
 set @sql = @sql + '' AND MyTableName.Country_ID IN ('''''' +replace(@Nationality,'','','''')+''''+'')''   

 set @sql = @sql + '' GROUP BY MyTableName.Year,Destination.Destination_Name, Destination.Destination_ID,Country.Country_ID,Country.Name,Region.Region_ID,  Region.Region_Name       
 ORDER BY Name desc''      

 EXEC(@sql)      

 EXEC sp_Arrange      
    ''SELECT Name as Origin, Category, Total FROM ##MyTableName_Temp'',      
    NULL,      
    NULL,      
    ''Origin'',
    ''Total'',    
    ''SUM''

  drop table ##MyTableName_Temp

END'      

    --PRINT @CreateSP

    EXEC(@CreateSP)

END
相关问题
最新问题