sim*_*hid 0 sql t-sql sql-server
Currently I have a working version of a dynamic SQL query without any variables except one (@ColumnHeader). And am able to get the desired result being a collection of column names in one line separated by comma.
select @ColumnHeader = COALESCE(@ColumnHeader+',','') + '''' + column_name + ''''
from databaseName.Information_Schema.Columns
where table_name = 'Dates'
I am trying to add variables for Database_information_schema and TableName.
DECLARE @ColumnHeader varchar(8000)
DECLARE @Database_Information_SchemaColumns varchar(8000) = 'DatabaseName2.Information_Schema.Columns'
DECLARE @TableName varchar(8000) = 'dates'
DECLARE @sqlQuery as nvarchar(max) = 'Select ' + @ColumnHeader + '= COALESCE(' + @ColumnHeader+ +''','','''')+ ''''''''+column_name+'''''''' from ' + @Database_Information_SchemaColumns + 'where table_name = '''+ @TableName + ''''
Print @sqlQuery
EXEC sp_executesql @sqlQuery;
I am getting Null values and am not sure whats wrong here.
下面是一些工作代码。我解释了所需的更改:
sp_executesql因为运行动态 SQL 的上下文无法看到声明的参数。where.varchar(max)并且nvarchar(max)因为没有必要冒着达到 8k 限制的风险。quotename任何数据库,模式,表或列名,以防止注射。sysname存储系统名称的数据类型quotename DECLARE @ColumnHeader varchar(max)
, @Database_Information_Database sysname = 'DatabaseName2'
, @Database_Information_Schema sysname = 'Information_Schema'
, @Database_Information_Columns sysname = 'Columns'
, @TableName sysname = 'dates';
DECLARE @sqlQuery nvarchar(max) = 'select @ColumnHeaderInteral = COALESCE(@ColumnHeaderInteral,'','','''') + '''''''' + column_name + '''''''' from '
+ quotename(@Database_Information_Database) + '.'
+ quotename(@Database_Information_Schema) + '.'
+ quotename(@Database_Information_Columns)
+ ' where quotename(table_name) = ''' + quotename(@TableName) + '''';
PRINT @sqlQuery;
EXEC sp_executesql @sqlQuery, N'@ColumnHeaderInteral varchar(max) output', @ColumnHeaderInteral = @ColumnHeader out;
SELECT @ColumnHeader;