1. 技术文章
  2. pass my table name as parameter in sql query

pass my table name as parameter in sql query

痴心易碎 提交于 2020-04-30 07:44:25

问题


I need help with a query. In my query I want to pass my table name as parameter. This is my query:

SELECT DISTINCT 
    CONVERT (varchar, InspectDateTime) AS 'Inspect Date Time', 
    CONVERT (varchar, SynDateTime) AS 'Sync Date Time', 
    Employee, 
    ROUND(OverAllPercentage, 2) AS Grade 
FROM 
    Table_Name 
WHERE 
    (DATEADD(dd, DATEDIFF(dd, 0, InspectDateTime), 0) 
    BETWEEN 
        DATEADD(dd, DATEDIFF(dd, 0, @From ), 0) AND 
        DATEADD(dd, DATEDIFF(dd, 0, @To ), 0)) 
ORDER BY 
    'Inspect Date Time'

Here I want to pass the Table_Name as parameter. Please note that this query is already taking two arguments as parameter, namely "@From" and "@To"


回答1:


If you are working with MS SQL you can do:

CREATE PROCEDURE sp_GetMyStuff
(
    @From datetime,
    @To datetime,
    @TableName nvarchar(100)
)
AS

exec('    
    SELECT DISTINCT 
        CONVERT (varchar, InspectDateTime) AS ''Inspect Date Time'', 
        CONVERT (varchar, SynDateTime) AS ''Sync Date Time'', 
        Employee, 
        ROUND(OverAllPercentage, 2) AS Grade 
    FROM 
        ' + @TableName + ' 
    WHERE 
        (DATEADD(dd, DATEDIFF(dd, 0, InspectDateTime), 0) 
        BETWEEN 
            DATEADD(dd, DATEDIFF(dd, 0, ' + @From + '), 0) AND 
            DATEADD(dd, DATEDIFF(dd, 0, ' + @To + '), 0)) 
    ORDER BY 
        1
');

and then just call it

sp_GetMyStuff '2011-05-05', '2011-06-05', 'TBL_MYTABLE'



回答2:


In SQL Server, if you want to "parametrize" the table name, you have to use dynamic SQL

If so, you must read Erland's The Curse and Blessing of dynamic SQL as an intro.

So basically, you need to build up your SQL statement as a string, and then execute it. There is no other way to "parametrize" the table name in a SQL Server T-SQL statement.




回答3:


OK, assuming you're using SQL Server (judging by the DATEADD and DATEDIFF functions), you'll need to

  1. construct a concatenated sql command as string (taking care not to allow SQL injection: i.e. you should check that your table_name variable is a valid table name by looking up possible names form information_schema and validating etc.)

  2. execute your dynamic sql using sp_executesql: http://msdn.microsoft.com/en-us/library/ms188001.aspx




回答4:


Thanks balexandre. The final query after minor modification(casting @From,@To into varchar) is:

CREATE PROCEDURE sp_GetMyStuff

@TableName VARCHAR(128),
@From DATETIME,
@To DATETIME

AS

DECLARE @sql VARCHAR(4000)
SELECT @sql = 'SELECT DISTINCT CONVERT (varchar, InspectDateTime) AS ''Inspect Date Time'', CONVERT (varchar, SynDateTime) AS ''Sync Date Time'', Employee, ROUND(OverAllPercentage, 2) AS Grade
FROM ' + @TableName + '
WHERE
(DATEADD(dd, DATEDIFF(dd, 0, InspectDateTime), 0) BETWEEN DATEADD(dd, DATEDIFF(dd, 0,'''+ CAST(@From AS VARCHAR(100)) +''' ), 0)
AND DATEADD(dd, DATEDIFF(dd, 0,'''+ CAST(@To AS VARCHAR(100)) +'''), 0))
ORDER BY ''Inspect Date Time'''
EXEC (@sql)

GO


来源:https://stackoverflow.com/questions/6223851/pass-my-table-name-as-parameter-in-sql-query

标签
sql
dynamic-sql
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!