1

需要您对此代码的建议...我有客户的表登录信息。我正在使用 SQL Server。一切正常,除了当我输入带有数字作为@password 值的 apphabet 时,我不断收到错误,而只有数字没有错误。请帮我找出错误!!!!

    CREATE PROCEDURE [dbo].[usp_login] 
    @customer_id numeric(5,0) = -1,     
    @password nchar(20) = '',           
    @customer_level numeric(2,0) = -1   
AS

BEGIN
    SET NOCOUNT ON;

    DECLARE @SQL AS varchar(300)
    DECLARE @WHERE1 AS varchar(200) = ''

    SET @SQL = 'SELECT *FROM Login'

    IF (@customer_id != -1)
    BEGIN
        SET @WHERE1 = @WHERE1 + 'id=' +  CONVERT(varchar,@customer_id)
    END

    IF (@password != '')
    BEGIN
        IF (@WHERE1 != '')
            SET @WHERE1 = @WHERE1 + ' and ' 
        SET @WHERE1 = @WHERE1 + 'password=' + @password
    END

    IF (@customer_level != -1)
    BEGIN
        IF (@WHERE1 != '')
            SET @WHERE1 = @WHERE1 + ' and ' 
        SET @WHERE1 = @WHERE1 + 'customer_level=' +  CONVERT(varchar,@customer_level)
    END


    IF (@WHERE1 != '')
        SET @SQL = @SQL + ' where ' + @WHERE1

    EXEC(@SQL)
    RETURN @@ROWCOUNT

END
4

1 回答 1

0

由于您正在执行动态 sql,因此您需要用单引号包裹字符串类型。

--Problems starts here
SET @WHERE1 = @WHERE1 + 'password=' + @password

--You can correct it as below
SET @WHERE1 = @WHERE1 + 'password=''' + @password + ''''
于 2013-02-18T08:55:13.393 回答