SQL Server:使用动态表名插入存储过程
本文关键字:插入 存储过程 动态 Server SQL | 更新日期: 2023-09-27 18:07:30
我试图创建一个用于插入新数据的存储过程。基本上我得到一个关于"声明表variable@tablename"的错误。
我试着:
create procedure [dbo].[spInsertProc](@table_name varchar(max))
as
begin
declare @name nvarchar(128);
declare @description nchar(255);
declare @tablename varchar(max);
--declare @tablename as table;
set @tablename = @table_name;
Insert Into @tablename ([name], [description])
Values (@name, @description)
end
另一个问题是这个存储过程是安全的,因为我没有使用查询字符串,对吗?
准备动态插入语句
CREATE procedure [dbo].[spInsertProc](@table_name varchar(max))
as
begin
declare @name varchar(50)='Sandip';
declare @description varchar(50)='SE';
Declare @Query VARCHAR(MAX)
SET @Query='Insert Into '+@table_name+' ([name], [description])
Values (
'''+@name+''',
'''+@description+''')'
EXEC(@Query);
PRINT(@Query);
end
下面是创建包含列和参数的插入语句的动态查询
DECLARE @table_name varchar(255) = 'table_name'
DECLARE @v_col varchar(MAX)
DECLARE @v_param varchar(MAX)
DECLARE @SP_param varchar(MAX)
DECLARE @sp_type varchar(10) = 'Insert'
SET @v_col = STUFF(
(SELECT ',' + '['+c.name+']'
FROM sys.tables t JOIN sys.columns c ON t.object_id = c.object_id
WHERE t.name = @table_name
AND c.is_identity = 0
FOR XML PATH ('')), 1, 1, ''
)
SET @v_param = STUFF(
(SELECT ',' + '@'+c.name
FROM sys.tables t JOIN sys.columns c ON t.object_id = c.object_id
WHERE t.name = @table_name
AND c.is_identity = 0
FOR XML PATH ('')), 1, 1, ''
)
SET @SP_param = STUFF(
(SELECT ',' + '@'+c.name+' '+y.name+' '+(CASE WHEN y.name = 'varchar' THEN '('+CAST(c.max_length as varchar)+')' ELSE '' END)
FROM sys.tables t JOIN sys.columns c ON t.object_id = c.object_id
JOIN sys.types y ON y.user_type_id = c.user_type_id
WHERE t.name = @table_name
AND c.is_identity = 0
FOR XML PATH ('')), 1, 1, ''
)
Declare @Query VARCHAR(MAX)
DECLARE @SPQuery VARCHAR(MAX)
SET @SPQuery = 'CREATE PROCEDURE '+@sp_type+''+@table_name+' ('+@SP_param+')
AS BEGIN'
SET @Query='Insert Into '+@table_name+' ('+@v_col+')
Values (
'+@v_param+')
END'
PRINT(@SPQuery);
PRINT(@Query);