我的存储过程如下所示:
Alter PROCEDURE [dbo].[productfilter_whatsnew]
@query1 nvarchar(max),
@query2 nvarchar(max),
@date date,
@pid varchar(5)
AS
select *
FROM Productcolorimage pci
where entry_date > @date
and selectproduct = @pid + ' ' + @query1
order by @'@query2'
GO
我的函数传递值
public DataTable productfilter_whatsnew(ProductBAL objbal)
{
DataTable dt = new DataTable();
using (SqlConnection conn = new SqlConnection(strconn))
{
conn.Open();
SqlCommand cmd = new SqlCommand("productfilter_whatsnew", conn);
cmd.CommandType = CommandType.StoredProcedure;
SqlParameter[] para = {
new SqlParameter("@query1","and colorid in('3')"),
new SqlParameter("@query2","pid ASC"),
new SqlParameter("@date","14-09-2013"),
new SqlParameter("@pid","1")
};
try
{
cmd.Parameters.AddRange(para);
SqlDataAdapter d = new SqlDataAdapter(cmd);
d.Fill(dt);
conn.Close();
}
catch (Exception ex)
{
throw ex;
}
}
return dt;
}
但是在放置 @query1 和 @query2 时显示不同的错误...
最佳答案
如果您确实想要执行此操作,请使用动态 SQL。但请务必阅读 SQL Injection首先。
alter procedure [dbo].[productfilter_whatsnew]
(
@query1 nvarchar(max),
@query2 nvarchar(max),
@date date,
@pid varchar(5)
)
as
begin
declare @stmt nvarchar(max)
select @stmt= '
select *
from Productcolorimage as pci
where entry_date > @date and selectproduct = @pid'
select @stmt = @stmt + ' ' + @query1
select @stmt = @stmt + ' order by ' + @query2
-- passing parameters into sp by names, easier to maintain in the future
exec sp_executesql
@stmt = @stmt,
@params = N'@date date, @pid varchar(5)',
@date = @date,
@pid = @pid;
end
关于c# - 在SQL Server中的存储过程中进行查询但出现一些错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18801346/