SQL NOT LIKE 动态参数 sql
SQL parameter in NOT LIKE dynamic sql
带有 NOT LIKE 的动态 SQL 由于某种原因不接受传入的参数。如果我不将参数传递给动态调用,而是使用其中的单词构建字符串,它就会工作
出于某种原因,此调用不适用于删除的 NOT LIKE 中的 @noteText 参数,并最终从临时 table 中删除所有内容。
当传入带有撇号的单词时,我需要以下内容,因为构建它会动态抛出无效字符串引号的错误。
declare @bsearchbody bit=1
declare @bsearchtitle bit =0
declare @notetext varchar(10)='that''s'
create table #matched( id int,note varchar(800),title varchar(800))
INSERT INTO #matched
select 1,'this is just a test. that''s fun.','test1'
UNION ALL
SELECT 2,' note on the ID','the is just a title'
UNION ALL
SELECT 3,'I watched basketball last night','basketball type'
declare @vchsql nvarchar(1000)=N'
DELETE from #matched
WHERE 1=1 AND (' + CASE WHEN @bSearchBody=1 THEN 'ISNULL(note,'''') NOT LIKE ''%@noteText%''' ELSE '' END +
CASE WHEN @bSearchBody=1 AND @bSearchTitle=1 THEN ' AND ' ELSE '' END +
CASE WHEN @bSearchTitle=1 THEN 'ISNULL(title,'''') NOT LIKE
''%@noteText%''' ELSE '' END +
')'
print @vchsql
exec sp_executesql @vchsql,N'@notetext varchar(10)',@notetext
当参数@notetext 和动态 sql 看起来像这样(当单词中没有撇号时)时,脚本有效。
declare @bsearchbody bit=1
declare @bsearchtitle bit =0
declare @notetext varchar(10)='test'
create table #matched( id int,note varchar(800),title varchar(800))
INSERT INTO #matched
select 1,'this is just a test.','test1'
UNION ALL
SELECT 2,' note on the ID','the is just a title'
UNION ALL
SELECT 3,'I watched basketball last night','basketball type'
declare @vchsql nvarchar(1000)=N'
DELETE from #matched
WHERE 1=1 AND (' + CASE WHEN @bSearchBody=1 THEN 'ISNULL(note,'''') NOT LIKE ''%'+ @noteText+ '%''' ELSE '' END +
CASE WHEN @bSearchBody=1 AND @bSearchTitle=1 THEN ' AND ' ELSE '' END +
CASE WHEN @bSearchTitle=1 THEN 'ISNULL(title,'''') NOT LIKE ''%@noteText%''' ELSE '' END +
')'
print @vchsql
exec sp_executesql @vchsql,N'@notetext varchar(10)',@notetext
问题是 SQL 将值解释为字符串而不是参数。因此,构建模式。而不是:
'ISNULL(title, '''') NOT LIKE ''%@noteText%'''
使用:
'COALESCE(title, '''') NOT LIKE ''%'' + @noteText + ''%'''
带有 NOT LIKE 的动态 SQL 由于某种原因不接受传入的参数。如果我不将参数传递给动态调用,而是使用其中的单词构建字符串,它就会工作
出于某种原因,此调用不适用于删除的 NOT LIKE 中的 @noteText 参数,并最终从临时 table 中删除所有内容。 当传入带有撇号的单词时,我需要以下内容,因为构建它会动态抛出无效字符串引号的错误。
declare @bsearchbody bit=1
declare @bsearchtitle bit =0
declare @notetext varchar(10)='that''s'
create table #matched( id int,note varchar(800),title varchar(800))
INSERT INTO #matched
select 1,'this is just a test. that''s fun.','test1'
UNION ALL
SELECT 2,' note on the ID','the is just a title'
UNION ALL
SELECT 3,'I watched basketball last night','basketball type'
declare @vchsql nvarchar(1000)=N'
DELETE from #matched
WHERE 1=1 AND (' + CASE WHEN @bSearchBody=1 THEN 'ISNULL(note,'''') NOT LIKE ''%@noteText%''' ELSE '' END +
CASE WHEN @bSearchBody=1 AND @bSearchTitle=1 THEN ' AND ' ELSE '' END +
CASE WHEN @bSearchTitle=1 THEN 'ISNULL(title,'''') NOT LIKE
''%@noteText%''' ELSE '' END +
')'
print @vchsql
exec sp_executesql @vchsql,N'@notetext varchar(10)',@notetext
当参数@notetext 和动态 sql 看起来像这样(当单词中没有撇号时)时,脚本有效。
declare @bsearchbody bit=1
declare @bsearchtitle bit =0
declare @notetext varchar(10)='test'
create table #matched( id int,note varchar(800),title varchar(800))
INSERT INTO #matched
select 1,'this is just a test.','test1'
UNION ALL
SELECT 2,' note on the ID','the is just a title'
UNION ALL
SELECT 3,'I watched basketball last night','basketball type'
declare @vchsql nvarchar(1000)=N'
DELETE from #matched
WHERE 1=1 AND (' + CASE WHEN @bSearchBody=1 THEN 'ISNULL(note,'''') NOT LIKE ''%'+ @noteText+ '%''' ELSE '' END +
CASE WHEN @bSearchBody=1 AND @bSearchTitle=1 THEN ' AND ' ELSE '' END +
CASE WHEN @bSearchTitle=1 THEN 'ISNULL(title,'''') NOT LIKE ''%@noteText%''' ELSE '' END +
')'
print @vchsql
exec sp_executesql @vchsql,N'@notetext varchar(10)',@notetext
问题是 SQL 将值解释为字符串而不是参数。因此,构建模式。而不是:
'ISNULL(title, '''') NOT LIKE ''%@noteText%'''
使用:
'COALESCE(title, '''') NOT LIKE ''%'' + @noteText + ''%'''