0

I have a select statement that has a where condition generated based on the incoming parameter.

DECLARE @ApplicationNumber  int = 0;
DECLARE @AccountReferenceNumber  int= 4820829;
DECLARE @SecurityNumber int = 1;
DECLARE @StreetAddress1  varchar(250)= '15 Prosper Court';
DECLARE @StreetAddress2 varchar(250) = NULL;
DECLARE @Suburb varchar(250)= 'wong';
DECLARE @State varchar(250) = NULL;
DECLARE @Postcode varchar(250) = '1245';
DECLARE @IsDeleted  bit = 0;
DECLARE @IsClass bit  = 1;
declare    @BaseQuery nvarchar(max) = ' ';
IF @IsClass = 1 
 DECLARE @tableid INT = 0;


  DECLARE @WhereClause VARCHAR(max) = '';
  
        --SET @WhereClause =  @AccountReferenceNumber ; 

          IF @StreetAddress1 IS NOT NULL 
            BEGIN 
                SET @WhereClause = @WhereClause + ' AND  StreetAddress1 = '+ @StreetAddress1; 

            END 

          IF @StreetAddress2 IS NOT NULL 
            BEGIN 
                SET @WhereClause = @WhereClause 
                                   + ' AND StreetAddress2 = ' + @StreetAddress2; 
            END 

          IF @Suburb IS NOT NULL 
            BEGIN 
                SET @WhereClause = @WhereClause + ' AND Suburb= ' + @Suburb; 
            END 

          IF @Postcode IS NOT NULL 
            BEGIN 
                SET @WhereClause = @WhereClause + ' AND Postcode= '+ @Postcode; 
            END 


            SET  @BaseQuery = 'SELECT LoanSecurityId FROM LoanSecurity WHERE AccountReferenceNumber = @AccountReferenceNumber' 
          + @WhereClause

EXEC sp_executesql @BaseQuery, N'@AccountReferenceNumber int', @AccountReferenceNumber

I executed the statement and the following error is coming up:

Incorrect syntax near 'Prosper'..

Can someone shed light on what I am missing in the following?

After the suggestion and the changes were made, the following is the select statement available at execute:

SELECT LoanSecurityId FROM LoanSecurity WHERE AccountReferenceNumber = @AccountReferenceNumber AND StreetAddress1 = 15 Prosper Court AND Suburb= WODONGA AND Postcode= 1245

The string in the where clause is not coming out properly.

4 Answers

0

You can't just append a string to your query where clause. You need to use dynamic SQL:

-- sp_executesql requires the statement as nvarchar
DECLARE @sql nvarchar(max);

SET  @sql = 'SELECT LoanSecurityId FROM LoanSecurity WHERE AccountReferenceNumber = @AccountReferenceNumber' 
          + @WhereClause

EXEC sp_executesql @sql, N'@AccountReferenceNumber int', @AccountReferenceNumber
answered 2019-07-11T03:40:46.297
0

When you have an int value you should use cast(@Param as nvarchar(n)), for example:

IF @Postcode IS NOT NULL 
            BEGIN 
                SET @WhereClause = @WhereClause + ' AND Postcode =cast(@Postcode as nvarchar(50)) '; 
            END 
answered 2019-07-11T04:15:22.713
0

After adjusting the input string and making the following code change, it is working:

DECLARE @ApplicationNumber  int = 0;
DECLARE @AccountReferenceNumber  int;
set @AccountReferenceNumber= 820829;
DECLARE @SecurityNumber int = 1;
DECLARE @StreetAddress1  varchar(250)= '''15 prprpCourt''';
DECLARE @StreetAddress2 varchar(250) = NULL;
DECLARE @Suburb varchar(250)= '''tester''';
DECLARE @State varchar(250) = NULL;
DECLARE @Postcode varchar(250) = '''5589''';
DECLARE @IsDeleted  bit = 0;
DECLARE @IsClass bit  = 1;
declare    @BaseQuery nvarchar(max) = N'SELECT LoanSecurityId
            FROM LoanSecurity WHERE AccountReferenceNumber = ';
IF @IsClass = 1 
 DECLARE @tableid INT = 0;


  DECLARE @WhereClause VARCHAR(max) = '';
  
        SET @WhereClause =  @AccountReferenceNumber ; 

          IF @StreetAddress1 IS NOT NULL 
            BEGIN 
                SET @WhereClause = @WhereClause + ' AND  StreetAddress1 = ' + @StreetAddress1; 

            END 

          IF @StreetAddress2 IS NOT NULL 
            BEGIN 
                SET @WhereClause = @WhereClause 
                                   + ' AND StreetAddress2 = ' + @StreetAddress2; 
            END 

          IF @Suburb IS NOT NULL 
            BEGIN 
                SET @WhereClause = @WhereClause + ' AND Suburb= ' + @Suburb; 
            END 

          IF @Postcode IS NOT NULL 
            BEGIN 
                SET @WhereClause = @WhereClause + ' AND Postcode= ' + @Postcode; 
            END 


          SET @BaseQuery = @BaseQuery + @WhereClause;

         -- SELECT @BaseQuery
          execute sp_executesql @BaseQuery;
answered 2019-07-12T05:47:22.170
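Wrapping each value in extra quotes, as in the answer above, still concatenates input into the statement text: it fails again as soon as a value contains its own quote, and it leaves the query open to SQL injection. The following is an added example, not part of any of the posts, that builds the same optional WHERE clause from fixed text only and passes every value to sp_executesql as a typed parameter. The temp table #LoanSecurity and its rows are constructed for the demonstration.

```sql
-- Added example (not from the original posts). Table and rows are constructed.
CREATE TABLE #LoanSecurity (
    LoanSecurityId         int IDENTITY(1,1) PRIMARY KEY,
    AccountReferenceNumber int          NOT NULL,
    StreetAddress1         varchar(250) NULL,
    StreetAddress2         varchar(250) NULL,
    Suburb                 varchar(250) NULL,
    Postcode               varchar(250) NULL
);
INSERT INTO #LoanSecurity
    (AccountReferenceNumber, StreetAddress1, StreetAddress2, Suburb, Postcode)
VALUES (4820829, '15 Prosper Court', NULL, 'wong', '1245'),
       (4820829, '7 O''Brien Court', NULL, 'wong', '1245');

DECLARE @AccountReferenceNumber int = 4820829;
DECLARE @StreetAddress1 varchar(250) = '7 O''Brien Court'; -- value contains a quote
DECLARE @StreetAddress2 varchar(250) = NULL;
DECLARE @Suburb         varchar(250) = 'wong';
DECLARE @Postcode       varchar(250) = '1245';

-- Only fixed text is concatenated; each value stays a parameter placeholder,
-- so its content is never parsed as SQL.
DECLARE @BaseQuery nvarchar(max) =
    N'SELECT LoanSecurityId FROM #LoanSecurity
      WHERE AccountReferenceNumber = @AccountReferenceNumber';

IF @StreetAddress1 IS NOT NULL SET @BaseQuery += N' AND StreetAddress1 = @StreetAddress1';
IF @StreetAddress2 IS NOT NULL SET @BaseQuery += N' AND StreetAddress2 = @StreetAddress2';
IF @Suburb         IS NOT NULL SET @BaseQuery += N' AND Suburb = @Suburb';
IF @Postcode       IS NOT NULL SET @BaseQuery += N' AND Postcode = @Postcode';

-- Every parameter is declared and passed on each call; a parameter that the
-- generated statement does not reference is simply unused.
EXEC sp_executesql
    @BaseQuery,
    N'@AccountReferenceNumber int, @StreetAddress1 varchar(250),
      @StreetAddress2 varchar(250), @Suburb varchar(250), @Postcode varchar(250)',
    @AccountReferenceNumber = @AccountReferenceNumber,
    @StreetAddress1 = @StreetAddress1,
    @StreetAddress2 = @StreetAddress2,
    @Suburb = @Suburb,
    @Postcode = @Postcode;

DROP TABLE #LoanSecurity;
```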
0

You are using SQL wrong if you are building your SQL statements dynamically. There are only rare edge cases where that is ever required, usually when the table or view name is unknown at the time of execution.

You can perform your query without constructing the SQL Statement Dynamically using ISNULL to your advantage.

DECLARE @ApplicationNumber int = 0;
DECLARE @AccountReferenceNumber int = 820829;
DECLARE @SecurityNumber int = 1;
DECLARE @StreetAddress1  varchar(250) = '15 prprpCourt';
DECLARE @StreetAddress2 varchar(250) = NULL;
DECLARE @Suburb varchar(250)= 'tester';
DECLARE @State varchar(250) = NULL;
DECLARE @Postcode varchar(250) = '5589';
DECLARE @IsDeleted  bit = 0;
DECLARE @IsClass bit  = 1;

-- Not sure what this is for ...
IF @IsClass = 1 
    DECLARE @tableid INT = 0;

SELECT
    LoanSecurityId
FROM
    LoanSecurity
WHERE
    AccountReferenceNumber = @AccountReferenceNumber AND
    StreetAddress1 = ISNULL(@StreetAddress1, StreetAddress1) AND
    StreetAddress2 = ISNULL(@StreetAddress2, StreetAddress2) AND
    Suburb = ISNULL(@Suburb, Suburb) AND
    Postcode = ISNULL(@Postcode, Postcode)

P.S. ... Your execution performance will generally be much better if you use native SQL instead of creating a SQL statement on the fly.

answered 2020-07-22T06:13:30.657