'set Dynamic sql 查询附近的语法不正确
Incorrect syntax near 'set Dynamic sql query
/* 当我在 sql 服务器中执行此过程时它执行正确但是当我通过编码执行时我得到这个错误 "Incorrect syntax near set"
提前致谢*/
ALTER PROCEDURE [dbo].[updateCitationTrust]
@tblName varchar(50),
@updatedTableName varchar(50)
AS
DECLARE @sql NVARCHAR(4000)
Declare @ParamDefinition AS NVarchar(2000)
BEGIN
--BEGIN TRANSACTION
set @sql='Update '+@updatedTableName+ ' set [Citation Flow]=m2.[Citation Flow],'+
' [Trust Flow]=m2.[Trust Flow]'+
' FROM '+ @updatedTableName+ ' m1 '+
' INNER JOIN '+ @tblName+' m2'+
' on m1.[Linking Domain]=m2.[Item]'
Set @ParamDefinition = '@tblName varchar(50),
@updatedTableName varchar(50)'
Execute sp_Executesql @sql,
@ParamDefinition,
@tblName,
@updatedTableName
If @@ERROR <> 0 GoTo ErrorHandler
Set NoCount OFF
Return(0)
ErrorHandler:
Return(@@ERROR)
END
如果作为参数值传递的对象名称不符合常规标识符的规则 (https://msdn.microsoft.com/en-us/library/ms175874.aspx?f=255&MSPPError=-2147217396),则需要用引号引起来。使用 QUOTENAME 函数。这也将降低 SQL 注入的风险。
ALTER PROCEDURE [dbo].[updateCitationTrust]
@tblName varchar(50),
@updatedTableName varchar(50)
AS
DECLARE @sql NVARCHAR(4000)
Declare @ParamDefinition AS NVarchar(2000)
BEGIN
--BEGIN TRANSACTION
set @sql='Update '+QUOTENAME(@updatedTableName)+ ' set [Citation Flow]=m2.[Citation Flow],'+
' [Trust Flow]=m2.[Trust Flow]'+
' FROM '+ QUOTENAME(@updatedTableName)+ ' m1 '+
' INNER JOIN '+ QUOTENAME(@tblName)+' m2'+
' on m1.[Linking Domain]=m2.[Item]'
Set @ParamDefinition = '@tblName varchar(50),
@updatedTableName varchar(50)'
Execute sp_Executesql @sql,
@ParamDefinition,
@tblName,
@updatedTableName
If @@ERROR <> 0 GoTo ErrorHandler
Set NoCount OFF
Return(0)
ErrorHandler:
Return(@@ERROR)
END
/* 当我在 sql 服务器中执行此过程时它执行正确但是当我通过编码执行时我得到这个错误 "Incorrect syntax near set" 提前致谢*/
ALTER PROCEDURE [dbo].[updateCitationTrust]
@tblName varchar(50),
@updatedTableName varchar(50)
AS
DECLARE @sql NVARCHAR(4000)
Declare @ParamDefinition AS NVarchar(2000)
BEGIN
--BEGIN TRANSACTION
set @sql='Update '+@updatedTableName+ ' set [Citation Flow]=m2.[Citation Flow],'+
' [Trust Flow]=m2.[Trust Flow]'+
' FROM '+ @updatedTableName+ ' m1 '+
' INNER JOIN '+ @tblName+' m2'+
' on m1.[Linking Domain]=m2.[Item]'
Set @ParamDefinition = '@tblName varchar(50),
@updatedTableName varchar(50)'
Execute sp_Executesql @sql,
@ParamDefinition,
@tblName,
@updatedTableName
If @@ERROR <> 0 GoTo ErrorHandler
Set NoCount OFF
Return(0)
ErrorHandler:
Return(@@ERROR)
END
如果作为参数值传递的对象名称不符合常规标识符的规则 (https://msdn.microsoft.com/en-us/library/ms175874.aspx?f=255&MSPPError=-2147217396),则需要用引号引起来。使用 QUOTENAME 函数。这也将降低 SQL 注入的风险。
ALTER PROCEDURE [dbo].[updateCitationTrust]
@tblName varchar(50),
@updatedTableName varchar(50)
AS
DECLARE @sql NVARCHAR(4000)
Declare @ParamDefinition AS NVarchar(2000)
BEGIN
--BEGIN TRANSACTION
set @sql='Update '+QUOTENAME(@updatedTableName)+ ' set [Citation Flow]=m2.[Citation Flow],'+
' [Trust Flow]=m2.[Trust Flow]'+
' FROM '+ QUOTENAME(@updatedTableName)+ ' m1 '+
' INNER JOIN '+ QUOTENAME(@tblName)+' m2'+
' on m1.[Linking Domain]=m2.[Item]'
Set @ParamDefinition = '@tblName varchar(50),
@updatedTableName varchar(50)'
Execute sp_Executesql @sql,
@ParamDefinition,
@tblName,
@updatedTableName
If @@ERROR <> 0 GoTo ErrorHandler
Set NoCount OFF
Return(0)
ErrorHandler:
Return(@@ERROR)
END