好的,我现在已经搞乱了一段时间,但我似乎无法让它发挥作用。那,或者只是不可能
鉴于以下T-SQL,我想删除<>标签并使用Alias内部的内容。可能?我正在考虑使用嵌套替换来剥离它,但不知道如何将结果用作别名。整个目标是在SET语句中定义html标记,并让它自动填充表变量中的别名和列指示符。如果有一个更好/更简单的方法不像xpath那样参与,我就是开放的。
Use Database
DECLARE @First VARCHAR(15), @Second VARCHAR(15),@XMLTag varchar(15)
SET @First = '<InstrumentID>'
SET @Second = '</InstrumentID>'
SET @XMLTag = Replace(Replace,@first,'<',''),@first,'>','')
select *
from
(
SELECT out_interface_id, msg_id ,
SUBSTRING(xml_msg, CHARINDEX(@First, xml_msg) + LEN(@First),
CHARINDEX(@Second, xml_msg) -
CHARINDEX(@First, xml_msg) -
LEN(@First)) as @XMLTag,
msg_type, xml_msg, CAST(xml_msg AS XML) as [Quick_XML],
date_received,status, last_modified, environment,
transaction_closed_date
from Table1 with (nolock)
where msg_type in ('BALMIS','ACCTV21')
and date_received >= CAST(GETDATE() -1 as DATE)
and date_received < CAST(GETDATE() as DATE)
) x
where x.@XMLTag = 'ABC123'
order by date_received desc
答案 0 :(得分:1)
要拥有动态别名,您需要动态SQL。
在VARCHAR(MAX)变量中构建查询后,您可以使用 过程sp_executesql来执行构建的查询。
DECLARE @DynamicSQL NVARCHAR(MAX)
DECLARE @First VARCHAR(15)
SELECT @First = '<InstrumentID>'
SELECT @DynamicSQL = 'SELECT ''WhatEver'' AS ' + REPLACE(REPLACE(@First, '<', ''), '>', '') + '
FROM [InsertYourFromStatementHere]
WHERE x.@XMLTag = ''ABC123''
ORDER BY date_received DESC'
PRINT @DynamicSQL
EXEC sp_executesql @DynamicSQL
执行上面的查询,它将失败,因为[InsertYourFromStatementHere]和x不存在。但是,您将在输出中看到生成的动态SQL。修改查询,直到获得一个运行并执行所需操作的查询。
要知道这为SQL注入打开了一扇门。