如何将where子句作为参数传递给存储过程

时间:2017-01-21 07:11:31

标签: sql sql-server stored-procedures sql-server-2012

我有一个用于分页和搜索的存储过程,我有一个参数@Condition。我需要将它传递给我的存储过程中的SQL语句,并且在where中,我已经传递了 And p.BrandID=1 And s.Store_Name='xyz' 子句

CREATE PROCEDURE [dbo].[spGetProduct]
    @DisplayLength int,
    @DisplayStart int,
    @SortCol int,
    @SortDir nvarchar(10),
    @Search nvarchar(255) = NULL,
    @Condition nvarchar(500) = NULL
as
begin
    Declare @FirstRec int, @LastRec int

    Set @FirstRec = @DisplayStart;
    Set @LastRec = @DisplayStart + @DisplayLength;

    DECLARE @ExequteSql NVARCHAR(MAX)

    SET @ExequteSql = N'

    WITH CTE_Products AS
    (
        SELECT 
            ROW_NUMBER() OVER (ORDER BY
                                      CASE WHEN (@SortCol = 3 AND @SortDir = "asc")
                                         THEN p.ProductID
                                      END ASC,
                                      CASE WHEN (@SortCol = 3 AND @SortDir = "desc")
                                         THEN p.ProductID
                                      END DESC, 
                                      CASE WHEN (@SortCol = 4 AND @SortDir = "asc")
                                              THEN s.Store_Name 
                                      END ASC, 
                                      CASE WHEN (@SortCol = 4 AND @SortDir = "desc")
                                              THEN s.Store_Name 
                                      END DESC) AS RowNum,
            COUNT(*) over() as TotalCount,
            p.*, s.Store_Name, ss.SubStore_Name
        FROM
            ((MST_Product p 
        INNER JOIN 
            MST_Store s on s.Store_ID = p.BrandID)
        INNER JOIN 
            MST_SubStore ss on ss.SubStore_ID = p.SubStore_ID)
        WHERE
            (@Search IS NULL 
             OR p.ProductID LIKE "% + @Search + %" 
             OR s.Store_Name LIKE "% + @Search + %" 
             OR ss.SubStore_Name LIKE "% + @Search + %" 
             OR p.StoreRefCode LIKE "% + @Search + %" 
             OR p.PName LIKE "% + @Search + %") ' + @Condition + '
    )
    Select * 
    from CTE_Products
    where RowNum > @FirstRec and RowNum <= @LastRec'

    EXEC SP_EXECUTESQL @ExequteSql ,N'@FirstRec INT, @LastRec INT, @Search nvarchar(255), @SortCol int, @SortDir nvarchar(10)' ,
    @FirstRec = @FirstRec ,@LastRec = @LastRec, @Search=@Search, @SortCol=@SortCol, @SortDir=@SortDir

END

但是我收到了错误

  

Msg 102,Level 15,State 1,Line 29
  &#39; p&#39;附近的语法不正确。

onLoadMoreListener

1 个答案:

答案 0 :(得分:0)

错误是因为双引号,它用于identifiers。对于字符串文字,需要使用单引号

还做了一些更改

DECLARE @FirstRec INT,
        @LastRec  INT

SET @FirstRec = @DisplayStart;
SET @LastRec = @DisplayStart + @DisplayLength;
SET @Search = '%' + @Search + '%'

DECLARE @ExequteSql NVARCHAR(MAX)

SET @ExequteSql = N'
    With CTE_Products as
    (
        Select ROW_NUMBER() over (order by  '+case @SortCol when 3 then 'p.ProductID ' when 4 then 's.Store_Name ' end +case when @SortDir = 'asc' then 'asc' else 'desc' end+')
    as RowNum,
    COUNT(*) over() as TotalCount,
    p.*, s.Store_Name, ss.SubStore_Name
    from 
    MST_Product p INNER JOIN MST_Store s on s.Store_ID = p.BrandID
    INNER JOIN MST_SubStore ss on ss.SubStore_ID = p.SubStore_ID
    where (@Search IS NULL 
        Or p.ProductID like  @Search  
        Or s.Store_Name like  @Search 
        Or ss.SubStore_Name like @Search 
        Or p.StoreRefCode like  @Search 
        Or p.PName like  @Search ) '
                  + @Condition
                  + '
    )
    Select * 
    from CTE_Products
    where RowNum > @FirstRec and RowNum <= @LastRec'

    print @ExequteSql

EXEC Sp_executesql
  @ExequteSql,
  N'@FirstRec INT, @LastRec INT, @Search nvarchar(255), @SortCol int, @SortDir nvarchar(10)',
  @FirstRec = @FirstRec,
  @LastRec = @LastRec,
  @Search=@Search,
  @SortCol=@SortCol,
  @SortDir=@SortDir

调用程序

EXEC Spgetproduct
  @DisplayLength = 1,
  @DisplayStart = 1,
  @SortCol = 3,
  @SortDir ='asc',
  @Search = 'ab',
  @Condition = ' And p.BrandID=1 And s.Store_Name=''xyz''' -- here you need to double the single quotes