I need to used dynamic order query in mysql and i have successfully achieved that through string concatenation in mysql as follows:
我需要在mysql中使用动态顺序查询,我已经通过mysql中的字符串连接成功实现了这一点,如下所示:
set @stmt_text := concat('select * from abc order by ',sorder);
set @stmt_text:= concat('select * from abc order by',sorder);
prepare stmt_handle from @stmt_text;
从@stmt_text准备stmt_handle;
execute stmt_handle;
deallocate prepare stmt_handle;
deallocate准备stmt_handle;
i need a similar way to convert this in mssql
我需要一种类似的方法来转换它在mssql中
Any ideas??
1 个解决方案
#1
Yes, just run it like this:
是的,只需像这样运行:
execute ('select * from abc order by ' + @sorder);
But don't forget that you need to verify the sorder variable if you get it through user input (to stop sql-injections)
但是不要忘记,如果通过用户输入获取它,则需要验证sorder变量(以停止sql注入)
#1
Yes, just run it like this:
是的,只需像这样运行:
execute ('select * from abc order by ' + @sorder);
But don't forget that you need to verify the sorder variable if you get it through user input (to stop sql-injections)
但是不要忘记,如果通过用户输入获取它,则需要验证sorder变量(以停止sql注入)