从XML字符串中剥离标记并将其用作Alias

时间:2016-02-22 21:46:56

标签: sql-server sql-server-2008 sql-server-2008-r2 sql-server-2012

好的,我现在已经搞乱了一段时间,但我似乎无法让它发挥作用。那,或者只是不可能

鉴于以下T-SQL,我想删除<>标签并使用Alias内部的内容。可能?我正在考虑使用嵌套替换来剥离它,但不知道如何将结果用作别名。整个目标是在SET语句中定义html标记,并让它自动填充表变量中的别名和列指示符。如果有一个更好/更简单的方法不像xpath那样参与,我就是开放的。 

Use Database
DECLARE @First VARCHAR(15), @Second VARCHAR(15),@XMLTag varchar(15)
SET @First = '<InstrumentID>'
SET @Second = '</InstrumentID>'
SET @XMLTag = Replace(Replace,@first,'<',''),@first,'>','') 

select *
from 
(
        SELECT out_interface_id, msg_id , 
        SUBSTRING(xml_msg, CHARINDEX(@First, xml_msg) + LEN(@First), 
                 CHARINDEX(@Second, xml_msg) - 
                 CHARINDEX(@First, xml_msg) - 
                 LEN(@First)) as @XMLTag,
        msg_type, xml_msg, CAST(xml_msg AS XML) as [Quick_XML], 
        date_received,status, last_modified, environment,
        transaction_closed_date
        from Table1 with (nolock)
        where msg_type in ('BALMIS','ACCTV21') 
        and date_received >= CAST(GETDATE() -1 as DATE)
        and date_received < CAST(GETDATE() as DATE)
) x
where x.@XMLTag = 'ABC123'
order by date_received desc

1 个答案:

答案 0 :(得分:1)

要拥有动态别名,您需要动态SQL。

在VARCHAR(MAX)变量中构建查询后,您可以使用 过程sp_executesql来执行构建的查询。 

DECLARE @DynamicSQL NVARCHAR(MAX)
DECLARE @First VARCHAR(15)
SELECT  @First = '<InstrumentID>'

SELECT @DynamicSQL = 'SELECT ''WhatEver'' AS ' + REPLACE(REPLACE(@First, '<', ''), '>', '') + '
                      FROM [InsertYourFromStatementHere]
                      WHERE x.@XMLTag = ''ABC123''
                      ORDER BY date_received DESC'

PRINT @DynamicSQL

EXEC sp_executesql @DynamicSQL

执行上面的查询,它将失败,因为[InsertYourFromStatementHere]和x不存在。但是,您将在输出中看到生成的动态SQL。修改查询,直到获得一个运行并执行所需操作的查询。

要知道这为SQL注入打开了一扇门。

相关问题
最新问题