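I have the following code, which returns a table from my MS SQL database:
from datetime import datetime
from dateutil.relativedelta import relativedelta

# Cutoff date: one year before now
one_yrs_ago = datetime.now() - relativedelta(years=1)
# Adjacent string literals are joined into one query string; each line is continued with a backslash
all = 'SELECT Master_Sub_Account , cAccountTypeDescription , Debit , Credit FROM [Kyle].[dbo].[PostGL] AS genLedger' \
' Inner JOIN [Kyle].[dbo].[Accounts] ' \
'on Accounts.AccountLink = genLedger.AccountLink' \
' Inner JOIN [Kyle].[dbo].[_etblGLAccountTypes] as AccountTypes ' \
'on Accounts.iAccountType = AccountTypes.idGLAccountType' \
' WHERE genLedger.AccountLink not in (161,162,163,164,165,166,167,168,122) '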
In this case, how do I add the one_yrs_ago variable to the SQL query, like this:
one_yrs_ago = datetime.now() - relativedelta(years=1)
all = 'SELECT Master_Sub_Account , cAccountTypeDescription , Debit , Credit FROM [Kyle].[dbo].[PostGL] AS genLedger' \
' Inner JOIN [Kyle].[dbo].[Accounts] ' \
'on Accounts.AccountLink = genLedger.AccountLink' \
' Inner JOIN [Kyle].[dbo].[_etblGLAccountTypes] as AccountTypes ' \
'on Accounts.iAccountType = AccountTypes.idGLAccountType' \
' WHERE genLedger.AccountLink not in (161,162,163,164,165,166,167,168,122) ' \
' AND WHERE genLedger.TxDate > ' one_yrs_ago' '
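Reply from a uj5u.com user:
I haven't seen the full context, but this is how I would do it in SQL Server.
What I want to say is that it is important to parameterize what you pass in, otherwise you could end up with SQL injection!
A complete example is available to play with.
In the complete example, note that you declare the parameters and their types, and then pass the actual values you want on this line:
EXEC sp_executesql @sqlToExec, N'@TheName NVARCHAR(100)', @TheName = 'Andrew'
Here is the small runnable example: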
BEGIN TRANSACTION
BEGIN TRY
    -- Temporary table holding the sample data
    CREATE TABLE #Users (
        Id INT NOT NULL IDENTITY(1, 1) PRIMARY KEY,
        [Name] NVARCHAR(50) NOT NULL
    )
    INSERT INTO #Users ([Name])
    VALUES ('Andrew'),
           ('Bob')
    -- The query text contains only the @TheName placeholder, never the value itself
    DECLARE @sqlToExec NVARCHAR(4000) = N'SELECT *
    FROM #Users AS U
    WHERE U.[Name] = @TheName'
    -- Declare the parameter and its type, then pass the actual value separately
    EXEC sp_executesql @sqlToExec, N'@TheName NVARCHAR(100)', @TheName = 'Andrew'
    ROLLBACK TRANSACTION
END TRY
BEGIN CATCH
    PRINT 'Rolling back changes, there was an error!!'
    ROLLBACK TRANSACTION
    DECLARE @Msg NVARCHAR(MAX)
    SELECT @Msg = ERROR_MESSAGE()
    RAISERROR('Error Occured: %s', 20, 101, @Msg) WITH LOG
END CATCH
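
The same parameterization applied from the Python side of the question, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite table (with constructed rows) as a stand-in for [Kyle].[dbo].[PostGL] so it runs offline; pyodbc uses the same `?` placeholder style against SQL Server and accepts the datetime object directly as the parameter.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed rows standing in for [Kyle].[dbo].[PostGL]:
# (AccountLink, TxDate, Debit, Credit)
SAMPLE_ROWS = [
    (101, "2020-01-15 00:00:00", 100.0, 0.0),
    (102, "2024-06-01 00:00:00", 0.0, 50.0),
    (103, "2024-07-10 00:00:00", 20.0, 0.0),
    (161, "2024-06-02 00:00:00", 75.0, 0.0),  # on the excluded AccountLink list
]
BASE = ("SELECT AccountLink, Debit, Credit FROM PostGL AS genLedger "
        "WHERE genLedger.AccountLink NOT IN (161, 162) AND genLedger.TxDate > ")
ORDER = " ORDER BY genLedger.AccountLink"


def make_db():
    """In-memory SQLite stand-in for the SQL Server database (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PostGL "
                 "(AccountLink INTEGER, TxDate TEXT, Debit REAL, Credit REAL)")
    conn.executemany("INSERT INTO PostGL VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def one_year_before(now):
    # timedelta keeps this stdlib-only; the question uses relativedelta(years=1)
    return (now - timedelta(days=365)).strftime("%Y-%m-%d %H:%M:%S")


def query_concatenated(conn, since):
    # Unsafe: the value is pasted into the SQL text, so quotes in it become syntax
    return conn.execute(BASE + "'" + since + "'" + ORDER).fetchall()


def query_parameterized(conn, since):
    # Safe: "?" is a placeholder; the value is sent separately and stays data
    return conn.execute(BASE + "?" + ORDER, (since,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(query_parameterized(conn, one_year_before(datetime(2024, 12, 31))))
    hostile = "2024-01-01' OR '1'='1"  # constructed input containing a quote
    # Concatenation returns every row, including the excluded account;
    # the parameterized query still applies both filters.
    print(len(query_concatenated(conn, hostile)),
          len(query_parameterized(conn, hostile)))
```

In SQLite the bound hostile value is simply compared as one text literal; a SQL Server datetime parameter would reject it with a conversion error instead of executing it.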
