我有一个存储过程来搜索数据库中的数据,参数如下:
CREATE PROCEDURE [dbo].[Rintis_SearchPayment]
-- Add the parameters for the stored procedure here
@payIDin as int,
@PayAccountin as varchar(10),
@PayCustNamein as varchar(30),
@PayAmountin as int,
@PayAmountPaidin as int,
@PayResponsein as char (2),
@PayRefNoin as varchar (120),
@PayScreenTextin as varchar (100),
@PayReceiptTextin as varchar (350),
@PayDatetimein as datetime,
@PayBankCodein as varchar (6),
@payIDou as int,
@PayAccountou as varchar(10),
@PayCustNameou as varchar(30),
@PayAmountou as int,
@PayAmountPaidou as int,
@PayResponseou as char (2),
@PayRefNoou as varchar (120),
@PayScreenTextou as varchar (100),
@PayReceiptTextou as varchar (350),
@PayDatetimeou as datetime,
@PayBankCodeouin as varchar (6)
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
select @payIDou = PayId ,
@PayAccountou = PayAccount,
@PayCustNameou = PayCustName,
@PayAmountou = PayAmount,
@PayAmountPaidou = PayAmountPaid,
@PayResponseou= PayResponse,
@PayRefNoou= PayRefNo,
@PayScreenTextou= PayScreenText,
@PayReceiptTextou= PayReceiptText,
@PayDatetimeou= PayDatetime,
@PayBankCodeouin= PayBankCode
from Payment
where PayId is not null AND
PayAccount like '%'+ISNULL((@PayAccountin),'')+'%' AND
PayCustName LIKE '%'+ISNULL((@PayAccountin),'')+'%' AND
PayAmount LIKE '%'+ISNULL((@PayAccountin),'')+'%' AND
PayAmountPaid LIKE '%'+ISNULL((@PayAccountin),'')+'%' AND
PayResponse LIKE '%'+ISNULL((@PayAccountin),'')+'%' AND
PayRefNo LIKE '%'+ISNULL((@PayAccountin),'')+'%' AND
cast(PayDatetime as date) = ( select convert(date , ''+ISNULL((@PayAccountin),'')+'', 103)) order by PayDatetime DESC
select @payIDou
-- Insert statements for procedure here
END
但是当我执行它时,我没有给出值,因为我知道某些类似的语句是不正确的,所以它永远不会给出返回值。
起初我在我的 vb .net 上做这样的查询:
Public Function SearchPayment(ByVal PayAccount As String, ByVal PayCustName As String, ByVal PayAmount As String, ByVal PayAmountPaid As String, ByVal PayResponse As String, ByVal PayRefNo As String, ByVal PayDatetime As String) As Boolean
Dim strsql As String = " select top 100 * from Payment where PayId is not null "
If PayAccount <> "" Then
strsql &= "and PayAccount like '%" & PayAccount & "%'"
End If
If PayCustName <> "" Then
strsql &= "and PayCustName like '%" & PayCustName & "%'"
End If
If PayAmount <> "" Then
strsql &= "and PayAmount like '%" & PayAmount & "%'"
End If
'' add PayAmountPaid
If PayAmountPaid <> "" Then
strsql &= "and PayAmountPaid like '%" & PayAmountPaid & "%'"
End If
If PayResponse <> "" Then
strsql &= "and PayResponse like '%" & PayResponse & "%'"
End If
'' add PayRefNo
If PayRefNo <> "" Then
strsql &= "and PayRefNo like '%" & PayRefNo & "%'"
End If
If PayDatetime <> "" Then
''select * from Inquiry where InquiryId is not null and cast(InquiryDate as date) = ( select convert(date ,'7/05/2013' , 103) )
strsql &= "and cast(PayDatetime as date) = ( select convert(date , '" & PayDatetime & "', 103)) "
End If
strsql &= "order by PayDatetime DESC"
Return runQuery(strsql)
End Function
Where
是否可以像我在 vb.net 上一样通过首先检查输入值来添加参数?