1

下面的 SQL 失败并给我一个错误:

Incorrect syntax near '-'.

变量 value1 是一个 GUID,其中包含“-”字符。我将它用作 varchar

    Declare @valu1 as varchar(1000)
Declare @valu2 as varchar(200)
    Declare @sqlStr as nvarchar(2000)

    Select @valu1 = GUID, 
           @valu2= RationaleText 
    From   dbo.tblll
    Where  column= 'New'

            SET @sqlStr =N'Insert Into dbo.table1                    
                            Select  newid()            as ChangeID, 
                                    GETDATE()          as DateModified,
                                    a.col1 as col1,  
                                    c.col2       as col2,   
                                    d.col3      as col3,
                                    ' + @valu1 + '  as valu1,
                                    ' + @valu2 + ' as valu2     
                            From     table1 a
                                     Inner Join table2 b On a.col1 = b.col7
                                     Left Join table2  c On b.col1 = c.col2 
                                     Left Join table3  d On b.col1 = d.col3
                            Order By a.col1 

           PRINT @sqlStr            
           Exec(@sqlStr)

当我打印上面的 SQL - 我得到:

Insert Into dbo.table1                   
                                    Select  newid()            as ChangeID, 
                                            GETDATE()          as DateModified,
                                            a.col1 as col1,  
                                            c.col2       as col2,   
                                            d.col3       as  col3,
                                            DD989A2A-5B9C-4369-81E1-13C638F1C555  as valu1,
                                            New as valu2    
                                    From     table1 a
                                             Inner Join table2 b On a.col1 = b.col7
                                             Left Join table2  c On b.col1 = c.col2 
                                             Left Join table3  d On b.col1 = d.col3
                                    Order By a.col1
4

3 回答 3

2 
SET @sqlStr =N'Insert Into dbo.table1                    
                        Select  newid()            as ChangeID, 
                                GETDATE()          as DateModified,
                                a.col1 as col1,  
                                c.col2       as col2,   
                                d.col3      as col3,
                                ''' + @valu1 + '''  as valu1,
                                ''' + @valu2 + ''' as valu2     
                        From     table1 a

注意额外的引号。另请注意,这非常容易受到 sql 注入攻击。您应该使用sp_executesql而不是串联进行调查。

于 2013-09-18T20:14:16.410 回答
1

请尝试在变量周围加上更多引号:

''' + @valu1 + '''  as valu1
于 2013-09-18T20:14:47.880 回答
0

当您SET @sqlStr在字符串的末尾缺少末尾的单引号时。应该有'Order By a.col1

我试了一下SQL Fiddle,它奏效了:

Declare @valu1 as varchar(1000)
Declare @valu2 as varchar(200)
Declare @sqlStr as nvarchar(2000)

Select @valu1 = GUID, 
       @valu2= RationaleText 
From   dbo.tblll
Where  column= 'New'

SET @sqlStr =N'Insert Into dbo.table1                    
                Select  newid()            as ChangeID, 
                        GETDATE()          as DateModified,
                        a.col1 as col1,  
                        c.col2       as col2,   
                        d.col3      as col3,
                        ' + @valu1 + '  as valu1,
                        ' + @valu2 + ' as valu2     
                From     table1 a
                         Inner Join table2 b On a.col1 = b.col7
                         Left Join table2  c On b.col1 = c.col2 
                         Left Join table3  d On b.col1 = d.col3
                Order By a.col1'

PRINT @sqlStr            
Exec(@sqlStr)

您可能还需要将@valu1 和@valu2 括在单引号中,因为它们是字符串。您将需要使用双单引号将它们转义在字符串中。

''' + @valu1 + '''  as valu1,
''' + @valu2 + ''' as valu2
于 2013-09-18T20:22:26.533 回答