Working with datetime with dynamic query in SQL Server

后端 未结 7 2780
野性不改
野性不改 2021-02-20 11:56

I am using a dynamic query wherein I want to use the variable which holds the datetime, whenever I execute the query it says cannot convert datetime from string, when I cast tha

相关标签:
7条回答
  • 2021-02-20 11:57

    Run this example and adapt it to your code. (There are not 3 contiguous single quotes)

    Declare @FromDATE  datetime
    ;Declare @ToDATE datetime
    ;set @FromDATE = getdate() 
    ;set @ToDATE = @FromDATE 
    
    ;Print 'WHERE TillDate BETWEEN ' + char(39) + CONVERT(VARCHAR(10),@FromDATE, 101) 
    + char(39) + ' and ' + char(39) + CONVERT(VARCHAR(10),@ToDATE, 101) + char(39)
    
    0 讨论(0)
  • 2021-02-20 12:06

    I think this might work:

     DECLARE @tempdate datetime
     SET tempdate =DATEADD(DD,1,@TODATE)
     SET @SQL1 = 'SELECT B.FacId, B.FacName, B.BookCode, B.BookName, B.Quantity,'''+  cast     (B.TillDate as VARCHAR(50))+''' AS TILLDATE FROM '+@TABLE+' B WHERE B.TillDate BETWEEN '''+cast(@FROMDATE as VARCHAR(50))+''' and  '''+cast(@tempdate as VARCHAR(50))'''
    
     EXEC SP_EXECUTESQL @SQL1 
    
    0 讨论(0)
  • 2021-02-20 12:09

    This is late, but may be it help someone

    What you need is a quotes around your date, You already got your answer.

    Below is an example of what I usually put in my query

    '(CONVERT(DATETIME,CONVERT(varchar,gd.CreatedDate),106) <= CONVERT(DATETIME,'''+CONVERT(varchar, @EndDate ) +''',106))'
    

    note that @EndDate is of type Datetime here

    0 讨论(0)
  • 2021-02-20 12:16

    I'd like to see your variable definitions but I suspect it's because @FROMDATE and @TODATE are datetime and you're using them in a string concatenation statement. Thus you can fix it by:

    SET @SQL1 = 'SELECT B.FacId, B.FacName, B.BookCode, B.BookName, B.Quantity, CONVERT(VARCHAR(10), B.TillDate, 104) AS TILLDATE FROM '+@TABLE+' B WHERE B.TillDate BETWEEN CONVERT(VARCHAR(10),'+CAST(@FROMDATE as varchar(15))+', 101) and CONVERT(VARCHAR(10), DATEADD(DD,1,'+CAST(@TODATE as varchar(15))+'), 101)'
    

    However better solutions are:

    1. Don't use dynamic SQL at all, maybe @TABLE doesn't vary that much and you can union them in to a view or something
    2. Pass the parameters directly in to sp_executeSQL and thus preserve their types e.g.

    SET @SQL1 = 'SELECT B.FacId, B.FacName, B.BookCode, B.BookName, B.Quantity, B.TillDate AS TILLDATE FROM '+@TABLE+' B WHERE B.TillDate BETWEEN @inFROMDATE and @inTODATE'

    EXEC SP_EXECUTESQL @SQL1,'@inFROMDATE datetime, @inTODATE',@inFromDate = @FROMDATE, @inTODATE = @TODate

    0 讨论(0)
  • 2021-02-20 12:17

    You should not concatenate your parameter values like this. The best solution is to use a parameterized query with sp_executesql.

    DECLARE @sql nvarchar(4000)
    
    select @sql = N'
      SELECT B.FacId 
           , B.FacName
           , B.BookCode
           , B.BookName
           , B.Quantity
           , CONVERT(VARCHAR(10), B.TillDate, 104) AS TILLDATE 
        FROM ' + quotename(@TABLE) + N' B
       WHERE B.TillDate BETWEEN cast(floor(cast(@fromDate as float)) as datetime)
                            AND cast(floor(cast(@toDate as float)) as datetime)'
    
    EXEC sp_executesql @sql, N'@fromDate datetime, @toDate datetime', @FROMDATE, @TODATE
    

    Things to note about sp_executesql are:

    • The parameters are NVARCHAR values
    • The 3rd and 4th parameter keep their original datatype and do not need to be converted to a varchar. This again protects agains SQL Injection and it makes the query more readable as you prevent the quote soup which is so common in Dynamic SQL

    Some additional changes were applied to the query:

    • The table name is wrapped in the QUOTENAME() function which protects against sql injection on the object name
    • The way the date part of the datetime variables is removed is not very optimal. Doing a convert(,,101) is an expensive operation which can better be done using the casting to float and taking floor of that value.
    0 讨论(0)
  • 2021-02-20 12:22

    You need to quote your dates..

    SET @SQL1 = 
       'SELECT B.FacId, 
               B.FacName, 
               B.BookCode, 
               B.BookName, 
               B.Quantity, 
               CONVERT(VARCHAR(10), B.TillDate, 104) AS TILLDATE 
               FROM '+@TABLE+' B 
               WHERE B.TillDate BETWEEN ''' + CONVERT(VARCHAR(10),@FROMDATE, 101) + ''' and ''' + CONVERT(VARCHAR(10),DATEADD(DD,1,@TODATE), 101) + ''''
    
    0 讨论(0)
提交回复
热议问题