62,046
社区成员
发帖
与我相关
我的任务
分享
ALTER proc [dbo].[Search]
@tabel varchar(10), /*表名*/
@a varchar(10),/*列名*/
@b VarChar(50)/*查询参数*/
as
begin
declare @sql as varchar(100)
set @sql='select * from '+@tabel+' where '+@b+' =gggg'/*这里提示列名gggg无效,按道理应是@b是列名*/
exec(@sql)
end
ALTER proc [dbo].[Search]
@tabel varchar(10), /*表名*/
@a varchar(10),/*列名*/
@b VarChar(50)/*查询参数*/
as
begin
declare @sql as varchar(100)
set @tabel=@tabel
set @b=@b
set @sql = 'select ID from '+@tabel+' where '+@a+' = '''+@b+''''/*要搞清楚哪个是参数,哪个是字符串*/
exec(@sql)
end
ALTER proc [dbo].[Search]
@tabel varchar(10), /*表名*/
@a varchar(10),/*列名*/
@b VarChar(50)/*查询参数*/
as
begin
declare @sql as varchar(100)
set @tabel=@tabel
set @b=@b
set @sql = 'select ID from '+@tabel+' where '+@a+' = ''@b'''/*改过之后不管什么条件查询都提有,不知哪又不对了*/
exec(@sql)
end
set @sql='select * from '+@tabel+' where '+@b+' =''gggg'''
if (dr.Read()) /*这个不管有!还是没有!都达不到效果*/
{
r = "1";
}
/// <summary>
///search 对表进行查询 返回1表示有,0表示没有
/// </summary>
/// <param name="tabel">要查询的表名</param>
/// <param name="a">要查询的列名</param>
/// <param name="b">要查询的参数</param>
public string seach(string tabel,string a,string b)
{
data.Open();
SqlCommand comm = new SqlCommand("Search", data.con);
comm.CommandType = CommandType.StoredProcedure;
comm.Parameters.Add(new SqlParameter("@tabel", SqlDbType.VarChar, 10)).Value = tabel ;
comm.Parameters.Add(new SqlParameter("@a", SqlDbType.VarChar, 10)).Value = a;
comm.Parameters.Add(new SqlParameter("@b", SqlDbType.VarChar, 50)).Value = b;
SqlDataReader dr = data.ExecSql(comm);
string r = "0";
if (!dr.Read())
{
r = "1";
}
data.Close();
data.Dispose();
return r;
}
}
set @sql = 'select ID from '+@tabel+' where '+@a+'='''+@b+''''/*是三个,提交查询参数后,(比如查询列名A是否有参数@b时总是提示有*/