1

我有两张表,一张是这两张表的SubjectsUserDetails 列:

  • Subjects(RegNo,IndexNo,Subject_1,Subject_23,Subject_3,Subject_4) 和
  • UserDetails(姓名、出生日期、注册号、地址、ID)

我想根据特定主题从主题中获取、、、、和Name索引。创建了一个查询,但它不起作用_主题是包含主题名称的字符串变量DOBRegNoAddressIDUserDetails

SELECT UserDetails.Name,UserDetails.DOB,
      UserDetails.RegNo,UserDetails.Address, UserDetails.ID,
Subjects.IndexNo 
FROM UserDetails
INNER JOIN Subjects  ON UserDetails.RegNo = Subjects.RegNo 
WHERE Subjects Subject_1 
   OR Subject_2 
   OR Subject_3 OR Subject_4 ='"+_subject+"'"
4

4 回答 4

1

您可能会自己解决这个问题,但您需要指定 WHERE 子句的每个部分,如下所示:

WHERE Subjects.Subject_1 = '"+_subject+"'"
OR Subjects.Subject_2 = '"+_subject+"'"
OR Subjects.Subject_3 = '"+_subject+"'"
OR Subjects.Subject_4 = '"+_subject+"'"
于 2013-06-27T06:39:24.510 回答
0

您是否尝试将 UserDetails 的任何主题与存储在变量中的字符串进行匹配?

尝试这个

DECLARE @subject varchar(20) = 'subjectstringvalue'; --variables are declared like this in T-sql
SELECT
ud.Name
,ud.DOB
,ud.RegNo
,ud.Address
,ud.ID
,s.IndexNo 

FROM UserDetails AS ud
INNER JOIN Subjects AS s
    ON ud.RegNo = s.RegNo 

WHERE s.Subject_1 = @subject --variables are used like this in T-sql
OR Subject_2 = @subject
OR Subject_3 = @subject
OR Subject_4 = @subject
于 2013-06-27T06:47:03.500 回答
0

相反,只需创建一个如下所示的简单存储过程,并将您的主题值作为参数传递。

CREATE PROC GetDetails
(
    @Subject VARCHAR(10)
)
BEGIN       
    SELECT UserDetails.Name,UserDetails.DOB,
          UserDetails.RegNo,UserDetails.Address, UserDetails.ID,
    Subjects.IndexNo 
    FROM UserDetails
    INNER JOIN Subjects  ON UserDetails.RegNo = Subjects.RegNo 
    WHERE Subject_1 = @Subject 
       OR Subject_2 = @Subject
       OR Subject_3 = @Subject
END
于 2013-06-27T06:53:52.427 回答
0

您的 where 子句无效。

尝试

WHERE
   Subject_1 = '"+_subject+"' 
   OR Subject_2 = '"+_subject+"'
   OR Subject_3 = '"+_subject+"'
   OR Subject_4 = '"+_subject+"'"

我假设您的 _subject 字符串已被清理,并且用户不能仅将其用于 SQL 注入攻击......

于 2013-06-27T06:37:24.673 回答