如何在SQL Server管理工作室中使用表提取数据

时间:2021-08-01 16:02:35

I want to use following code to get results from table companies. How can I set the value of variable @strs to point to a column name of my table companies.

我想使用以下代码从表公司获得结果。如何将变量@strs的值设置为指向表公司的列名。

declare @strs nvarchar(max)
set @strs = 'I want to pass table data here' // I want to pass table data here
set @strs = reverse(@strs)
select reverse(@strs) String,
reverse(right(@strs,len(@strs) - charindex(' ',@strs,30))) Description1,
ltrim(reverse(left(@strs,charindex(' ',@strs,30)))) Description2

2 个解决方案

#1


0  

I think this is what you mean ...

我想这就是你的意思......

select @strs = name from companies where ...

#2


0  

Unless I'm completely off...you are looking to 'dynamically' select columns base on a variable input. If this is true, you are looking for dynamic SQL. This can be a security loop-hole, so it is best if you do some reading on what dynamic SQL entails. Relatively simple, you are building your SQL statement in a variable and then executing the variable (this is dangerous as I could build a variable as sql code and execute against your server as a SQL injection attack).

除非我完全关闭...你希望“动态”选择基于变量输入的列。如果是这样,那么您正在寻找动态SQL。这可能是一个安全循环漏洞,因此最好是对动态SQL所需的内容进行一些阅读。相对简单,您在变量中构建SQL语句然后执行变量(这很危险,因为我可以将变量构建为sql代码并作为SQL注入攻击针对您的服务器执行)。

set @sql = 'select ' + @strs + 'from table'
exec @sql

As long as @strs is a list of columns with proper comma''s seperating them, this should work.

只要@strs是一个包含正确逗号分隔列的列表,这应该可行。

I need to ask why you are doing this though...column selection at this level is often best done in the GUI that you are presenting results to your users in...you may want to reconsider why you've decided this is nessacary.

我需要问一下你为什么这样做...这个级别的列选择通常最好在你向用户展示结果的GUI中完成...你可能想重新考虑为什么你决定这是nessacary 。

#1


0  

I think this is what you mean ...

我想这就是你的意思......

select @strs = name from companies where ...

#2


0  

Unless I'm completely off...you are looking to 'dynamically' select columns base on a variable input. If this is true, you are looking for dynamic SQL. This can be a security loop-hole, so it is best if you do some reading on what dynamic SQL entails. Relatively simple, you are building your SQL statement in a variable and then executing the variable (this is dangerous as I could build a variable as sql code and execute against your server as a SQL injection attack).

除非我完全关闭...你希望“动态”选择基于变量输入的列。如果是这样,那么您正在寻找动态SQL。这可能是一个安全循环漏洞,因此最好是对动态SQL所需的内容进行一些阅读。相对简单,您在变量中构建SQL语句然后执行变量(这很危险,因为我可以将变量构建为sql代码并作为SQL注入攻击针对您的服务器执行)。

set @sql = 'select ' + @strs + 'from table'
exec @sql

As long as @strs is a list of columns with proper comma''s seperating them, this should work.

只要@strs是一个包含正确逗号分隔列的列表,这应该可行。

I need to ask why you are doing this though...column selection at this level is often best done in the GUI that you are presenting results to your users in...you may want to reconsider why you've decided this is nessacary.

我需要问一下你为什么这样做...这个级别的列选择通常最好在你向用户展示结果的GUI中完成...你可能想重新考虑为什么你决定这是nessacary 。