我有一个动态查询其内容是这样SQL SERVER 2008动态查询问题
Alter PROCEDURE dbo.mySP
-- Add the parameters for the stored procedure here
(
@DBName varchar(50),
@tblName varchar(50)
)
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
-- Insert statements for procedure here
declare @string as varchar(50)
declare @string1 as varchar(50)
set @string1 = '[' + @DBName + ']' + '.[dbo].' + '[' + @tblName + ']'
set @string = 'select * from ' + @string1
exec @string
END
我打电话这样
dbo.mySP 'dbtest1','tblTest'
而且我遇到一个错误
"Msg 203, Level 16, State 2, Procedure mySP, Line 27
The name 'select * from [dbtest1].[dbo].[tblTest]' is not a valid identifier."
什么是wr翁?和如何克服?提前
感谢
我真希望你正在检查SQL注入的地方... – GilaMonster 2009-09-21 12:39:51
我不愿意认为任何人都会考虑写这样的sp。请阅读: http://www.sommarskog.se/dynamic_sql.html – HLGEM 2009-09-21 14:37:57