当前位置: 首页 > 图文教程 > 数据库 > MSSQL > 动态SQL四种类型的语句格式

MSSQL
保护SQL Server 2000的十个步骤
突破一流信息监控拦截系统进行SQL注射
Oracle8的不安全因素及几点说明
数据库安全性策略(1)
数据库安全性策略 (2)
浅谈数据库的攻击
SQL数据库的一些攻击
怎样使MySQL安全以对抗解密高手
不当编写SQL语句导致系统不安全
调整重心-从IIS到SQL Server数据库安全
SQL Server:安全设计从头起
保护SQL Server:为安全性而安装
网站入侵过程!
网管,你的防火墙上也有“洞”吗
跟我学SQL:(三)使用SQL子选择来合并查询
跟我学SQL:(四)查询多个表格
跟我学SQL:(五)创建和修改表格
跟我学SQL:(六)串行数据类型
跟我学SQL:(八)数值数据类型
跟我学SQL:(九)datetime和interval数据类型

MSSQL 中的 动态SQL四种类型的语句格式


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-10-30   浏览: 70 ::
收藏到网摘: n/a

  1.Dynamic SQL Format 1

EXECUTE IMMEDIATE SQLStatement     {USING TransactionObject} ;

eg:
string            Mysql
Mysql = "CREATE TABLE Employee "&
    +"(emp_id integer not null,"&
    +"dept_id integer not null, "&
    +"emp_fname char(10) not null, "&
    +"emp_lname char(20) not null)"
EXECUTE IMMEDIATE :Mysql ;

2.Dynamic SQL Format 2

PREPARE DynamicStagingArea FROM SQLStatement     {USING TransactionObject} ;
EXECUTE DynamicStagingArea USING {ParameterList} ;

eg:
INT        Emp_id_var = 56
PREPARE SQLSA
    FROM "DELETE FROM employee WHERE emp_id=?" ;
EXECUTE SQLSA USING :Emp_id_var ;


3.Dynamic SQL Format 3

DECLARE Cursor | Procedure     DYNAMIC CURSOR | PROCEDURE      FOR DynamicStagingArea ;
PREPARE DynamicStagingArea FROM SQLStatement     {USING TransactionObject} ;
OPEN DYNAMIC Cursor     {USING ParameterList} ;
EXECUTE DYNAMIC Procedure    {USING ParameterList} ;
FETCH Cursor | Procedure     INTO HostVariableList ;
CLOSE Cursor | Procedure ;
eg:
integer Emp_id_var

DECLARE my_cursor DYNAMIC CURSOR FOR SQLSA ;
PREPARE SQLSA FROM "SELECT emp_id FROM employee" ;
OPEN DYNAMIC my_cursor ;
FETCH my_cursor INTO :Emp_id_var ;
CLOSE my_cursor ;


4.Dynamic SQL Format 4

DECLARE Cursor | Procedure     DYNAMIC CURSOR | PROCEDURE      FOR DynamicStagingArea ;
PREPARE DynamicStagingArea FROM SQLStatement    {USING TransactionObject} ;
DESCRIBE DynamicStagingArea    INTO DynamicDescriptionArea ;
OPEN DYNAMIC Cursor | Procedure    USING DESCRIPTOR DynamicDescriptionArea ;
EXECUTE DYNAMIC Cursor | Procedure    USING DESCRIPTOR DynamicDescriptionArea ;
FETCH Cursor | Procedure     USING DESCRIPTOR DynamicDescriptionArea ;
CLOSE Cursor | Procedure ;

eg:

string Stringvar, Sqlstatement
integer Intvar
Sqlstatement = "SELECT emp_id FROM employee"
PREPARE SQLSA FROM :Sqlstatement ;
DESCRIBE SQLSA INTO SQLDA ;
DECLARE my_cursor DYNAMIC CURSOR FOR SQLSA ;
OPEN DYNAMIC my_cursor USING DESCRIPTOR SQLDA ;
FETCH my_cursor USING DESCRIPTOR SQLDA ;

// If the FETCH is successful, the output
// descriptor array will contain returned
// values from the first row of the result set.
// SQLDA.NumOutputs contains the number of
// output descriptors.
// The SQLDA.OutParmType array will contain
// NumOutput entries and each entry will contain
// an value of the enumerated data type ParmType
// (such as TypeInteger!, or TypeString!).

CHOOSE CASE SQLDA.OutParmType[1]
CASE TypeString!
        Stringvar = GetDynamicString(SQLDA, 1)
    CASE TypeInteger!
        Intvar = GetDynamicNumber(SQLDA, 1)

END CHOOSE
CLOSE my_cursor ;