我有以下比较SQL代码。 这两个表都包含一个IDCodeField列。 如何仅比较IDCodeField,但如果匹配IDCodeField则返回所有字段?SQL与一列比较,但返回所有列如果匹配
目前我正在使用下面,但是,它将仅比较所有字段而不是IDCodeField。
ALTER PROCEDURE [dbo].[usp_comparetables](@table1 varchar(100),
@table2 Varchar(100), @columnlist Varchar(1000))
AS
DECLARE @sql VARCHAR(8000)
SET @sql =
'SELECT ''' + @table1 + ''' AS DataState, * FROM
(SELECT ' + @columnlist + ' FROM ' + @table1 + '
EXCEPT
SELECT ' + @columnlist + ' FROM ' + @table2 + ') x
UNION
SELECT ''' + @table2 + ''' AS DataState, * from
(SELECT ' + @columnlist + ' FROM ' + @table2 + '
INTERSECT
SELECT ' + @columnlist + ' FROM ' + @table1 +') x'
EXEC(@sql)
二手答:
DECLARE @sql VARCHAR(8000)
SET @sql =
'SELECT ''' + @table1 + ''' AS DataState, '[email protected]+' FROM ' + @table1 + ' where '[email protected]+' not in (select '[email protected]+' from '[email protected]+')
UNION ALL
SELECT ''' + @table2 + ''' AS DataState, '[email protected]+' FROM ' + @table2 + ' where '[email protected]+' not in (select '[email protected]+' from '[email protected]+')'
EXEC(@sql)
你的答案对SQL注入非常开放。 'EXEC [usp_comparetables] @ table1 ='myTable',@ table2 ='myTable2',@columnList ='''; DROP TABLE myTable;走; ''''''''只是一个简单的例子。 SQL注入似乎从来没有,直到你被它咬了一次。 – Seph