IF ELSE Statement in SQL
SELECT S.Id, S.Name, S.Version, S.SoftNo
FROM SOFTWARE S WITH(NOLOCK)
WHERE (IF S.Version = 0 THEN S.Version > 0 ELSE S.Version = @Version)
AND (IF S.SoftNo = 0 THEN
-
Don't use concatenated SQL, it is a poor habit that increases the probability of SQL injection vulnerabilities. Your SQL code is now the exact same as the following (safer) code:
SELECT S.Id, S.Name, S.Version, S.SoftNo FROM SOFTWARE S WITH(NOLOCK) WHERE (@Version = 0 OR @Version = S.Version) AND (@SoftNo = 0 OR @SoftNo = S.SoftNo)
加载中...
- 热议问题