



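-- Evaluate a boolean expression held in a string: splice it into a WHERE
-- clause and check whether the dynamic SELECT returned a row.
-- NOTE(security): @str becomes part of the executed statement text, so any SQL
-- it contains runs with the caller's permissions. Use this pattern only with
-- expressions assembled from trusted, fixed text -- never with user input.
declare @str varchar(1024)
set @str = ' 5=5 and 6 =6 '
declare @SQL varchar(4000)
-- The parentheses keep the whole expression together as a single predicate.
set @SQL = 'select 1 where (' + @str + ')'
-- Spelled exactly as declared: variable names are case-sensitive on servers
-- that use a case-sensitive collation, where @sql would not resolve.
exec(@SQL)
-- Read @@rowcount immediately after exec; any later statement resets it.
if @@rowcount > 0
    print 'true'
else
    print 'false'
/*
Output:
true
*/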
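-- Evaluate a single comparison held in a string by running it as the WHERE
-- clause of a dynamic SELECT; a returned row means the expression is true.
-- NOTE(security): exec() runs @str as SQL text with the caller's permissions.
-- Restrict @str to trusted, fixed expressions; do not feed it user input.
declare @str varchar(1024)
set @str = ' 5=5 '
declare @SQL varchar(4000)
set @SQL = 'select 1 where (' + @str + ')'
-- Spelled exactly as declared: on a case-sensitive server collation the
-- lower-case @sql would fail with an undeclared-variable error.
exec(@SQL)
-- @@rowcount reflects the dynamic SELECT only if it is read right after exec.
if @@rowcount > 0
    print 'true'
else
    print 'false'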
true
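-- Fragment: @str and @SQL are declared outside these lines.
-- Runs the expression as the entire WHERE clause of a dynamic SELECT; no row
-- comes back when the expression is false, so 'false' is printed.
-- NOTE(security): @str is executed as SQL text with the caller's permissions.
-- Keep it to trusted, fixed expressions; do not build it from user input.
set @str = '5=5 and 6>6'
set @SQL = 'select 1 where ' + @str
-- Same spelling as in the SET above: variable names are case-sensitive on
-- servers that use a case-sensitive collation.
exec(@SQL)
-- Read @@rowcount immediately after exec; any later statement resets it.
if @@rowcount > 0
    print 'true'
else
    print 'false'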
-----------
false
-- Evaluate a boolean expression held in a string and capture the result in a
-- bit variable through an sp_executesql output parameter, so the dynamic
-- statement does not need to return a result set.
-- NOTE(security): only @True is bound as a parameter. @str is still
-- concatenated into the statement text and runs as SQL with the caller's
-- permissions, so it must come from trusted, fixed expressions only.
DECLARE @str nvarchar(1024)
SET @str = '5=5 and 6=6'
DECLARE @SQL nvarchar(4000)
DECLARE @True bit
-- The dynamic batch assigns 1 or 0 to its own @True parameter.
SET @SQL = 'if (' + @str + ') set @True = 1 else set @True = 0'
-- OUTPUT on both the parameter definition and the argument copies the value
-- back into the outer @True.
EXEC sp_executesql @SQL, N'@True bit output', @True OUTPUT
SELECT @True