743
社区成员
发帖
与我相关
我的任务
分享求助:关于嵌入sql语句in的用法(动态sql)
在输入供应商编码后,需要判断该供应商是否属于权限门店,写动态sql
s_sql='select sup_code,sup_desc,man_type,cont_code,founded_time,determine_timecen_person,stat_flag,abc_class from supplier where sup_code="'+supcode+'" and shop_own in ('+ls_shop+')'
declare cur_shop dynamic cursor for sqlsa;
prepare sqlsa from :ls_sql;
open dynamic cur_shop;
fetch cur_shop into :supcode,:supdesc,:mantype,:contcode,:foundeddate,:determinedate,:enrolperson,:statflag,:abcclass;
close cur_shop;
lS_shop是我已经做好的门店字符串,但是发现不在该门店的供应商也能查出来
用sqlserver事件查看器跟踪了一下,代码如下:
declare @P1 int
set @P1=0
declare @P2 int
set @P2=2
declare @P3 int
set @P3=0
exec sp_cursoropen @cursor = @P1 output, @stmt = 'select sup_code,sup_desc,man_type,cont_code,founded_time,determine_timecen_person,stat_flag,abc_class from supplier where sup_code="80381" and shop_own in ("002","003","004","005","006")', @scrollopt = @P2 output, @ccopt = 4, @rows = @P3 output
select @P1, @P2, @P3
80381供应商是门店001的,也就是不在in条件下的任何一个门店,为什么还会查出来呢?
s_sql='select sup_code,sup_desc,man_type,cont_code,founded_time,determine_timecen_person,stat_flag,abc_class from supplier where sup_code="'+supcode+'" and shop_own in ('+ls_shop+')'
declare cur_shop dynamic cursor for sqlsa;
prepare sqlsa from :ls_sql;
open dynamic cur_shop;
fetch cur_shop into :supcode,:supdesc,:mantype,:contcode,:foundeddate,:determinedate,:enrolperson,:statflag,:abcclass;
close cur_shop;
lS_shop是我已经做好的门店字符串,但是发现不在该门店的供应商也能查出来
用sqlserver事件查看器跟踪了一下,代码如下:
declare @P1 int
set @P1=0
declare @P2 int
set @P2=2
declare @P3 int
set @P3=0
exec sp_cursoropen @cursor = @P1 output, @stmt = 'select sup_code,sup_desc,man_type,cont_code,founded_time,determine_timecen_person,stat_flag,abc_class from supplier where sup_code="80381" and shop_own in ("002","003","004","005","006")', @scrollopt = @P2 output, @ccopt = 4, @rows = @P3 output
select @P1, @P2, @P3
80381供应商是门店001的,也就是不在in条件下的任何一个门店,为什么还会查出来呢?
...全文
请发表友善的回复…
发表回复
