在MS SQL Server中使用存储过程的输出初始化变量

Question

在MS SQL Server中使用存储过程的输出初始化变量

Lor*_*ure 1 t-sql sql-server stored-procedures sql-server-2005

我创建了以下存储过程..

CREATE PROCEDURE [dbo].[UDSPRBHPRIMBUSTYPESTARTUP]
(
  @CODE CHAR(5)
  , @DESC VARCHAR(255) OUTPUT
)
AS
DECLARE @SERVERNAME nvarchar(30)
DECLARE @DBASE nvarchar(30)
DECLARE @SQL nvarchar(2000)

SET @SERVERNAME = 
  Convert(nvarchar,
  (SELECT spData FROM dbSpecificData WHERE spLookup = 'CMSSERVER'))
SET @DBASE = 
  Convert(nvarchar,
  (SELECT spData FROM dbSpecificData WHERE spLookup = 'CMSDBNAME'))

SET @SQL = 
  'SELECT clnt_cat_desc FROM ' + @SERVERNAME + 
  '.' + @DBASE + '.dbo.hbl_clnt_cat WHERE inactive = ''N''
  AND clnt_cat_code = ''' + @CODE + ''''

EXECUTE sp_executeSQL @SQL

RETURN

Run Code Online (Sandbox Code Playgroud)

此过程用于许多不同的数据库和许多不同的服务器,并编写为动态SQL以简化维护.该过程还在与过程指向的服务器不同的服务器上运行.

我想使用此过程的输出作为表中的值...

DECLARE @clid BIGINT
DECLARE @fileid BIGINT
DECLARE @myCode CHAR(5)
DECLARE @myDesc VARCHAR(255)
DECLARE @@tempDesc VARCHAR(255)

SET @clid = 1831400022
SET @fileid = 2072551358
SET @myCode = 
  (SELECT _clientPrimBusinessType FROM udbhextclient WHERE clid = @clid)

SET @myDesc = 
  EXEC UDSPRBHPRIMBUSTYPESTARTUP @CODE = @myCode, @DESC = @@tempDesc OUTPUT
----------------------------------------------------------------------------
SELECT
  a.clid
  , b.fileid
  , c.usrfullname AS ClientPartner
  , e.usrfullname AS ClientFeeEarner
  , @myDesc AS ClientPrimaryBusinessType
FROM 
  dbclient a
    INNER JOIN
  dbFile b
    ON
  a.clid = b.clid
    INNER JOIN
  dbuser c
    ON 
  a.feeusrid = c.usrid
    INNER JOIN
  udbhextclient d
    ON
  a.clid = d.clid
    INNER JOIN
  dbuser e
    ON
  d._ClientFeeEarner = e.usrid
WHERE 
  a.clid = @clid
  AND b.fileid = @fileid

Run Code Online (Sandbox Code Playgroud)

我知道这是不正确的语法,但是你可以看到我想要实现的目的而不需要使用临时表,因为这意味着需要在30个不同的服务器上进行维护,每个服务器上有3到5个数据库.

Smink - 试过你的解决方案并得到以下结果......

运行Smink的解决方案

Answer 1

Jor*_*ira 7

换行:

SET @myDesc = 
  EXEC UDSPRBHPRIMBUSTYPESTARTUP @CODE = @myCode, @DESC = @@tempDesc OUTPUT

Run Code Online (Sandbox Code Playgroud)

至

EXEC UDSPRBHPRIMBUSTYPESTARTUP @CODE = @myCode, @DESC = @tempDesc OUTPUT

Run Code Online (Sandbox Code Playgroud)

而且你错过@DESC了在存储过程中的分配.

SET @SQL = 
  'SELECT @DESC = clnt_cat_desc FROM ' + @SERVERNAME + 
  '.' + @DBASE + '.dbo.hbl_clnt_cat WHERE inactive = ''N''
  AND clnt_cat_code = ''' + @CODE + ''''

EXECUTE sp_executeSQL @SQL, N'@DESC varchar(255) output', @DESC output

Run Code Online (Sandbox Code Playgroud)

然后你应该@tempDesc在下一个选择中使用:

SELECT
  a.clid
  , b.fileid
  , c.usrfullname AS ClientPartner
  , e.usrfullname AS ClientFeeEarner
  , @tempDesc AS ClientPrimaryBusinessType

Run Code Online (Sandbox Code Playgroud)

您的存储过程也允许SQL注入:

SET @SQL = 
  'SELECT clnt_cat_desc 
     FROM ' + QUOTENAME(@SERVERNAME) + '.' + QUOTENAME(@DBASE) + '.dbo.hbl_clnt_cat
    WHERE inactive = ''N''
      AND clnt_cat_code = @CODE'

EXECUTE sp_executeSQL @SQL, N'@CODE CHAR(5)', @CODE

Run Code Online (Sandbox Code Playgroud)

(更新:修复了SQL注入问题.)

归档时间：	16 年，11 月前
查看次数：	15395 次
最近记录：	12 年前