当前位置: 首页 > 图文教程 > 数据库 > MSSQL > 高级自定义查询、分页、多表联合存储过程

MSSQL
SQL注入漏洞全接触--进阶篇(二)
SQL注入漏洞全接触--高级篇(一)
SQL注入漏洞全接触--高级篇(二)
SQL Server补丁安装常见问题
[专题]SQL SERVER实用经验技巧集
防范SQL注入式攻击
Mssql和Mysql的安全性分析
SQL概述及在网络安全中的应用
安全入门:SQL注入漏洞全接触
数据库系统防黑客入侵技术综述
SQL注入奇招致胜 UNION查询轻松免费看电影
看紧你的3306端口,一次通过mysql的入侵
MSSQL db_owner角色注入直接获得系统权限
针对SQL INJECTION的SQL SERVER安全设置初级篇
有孔就入 SQL Injection的深入探讨
SQL注入不完全思路与防注入程序
SQL注入攻击的原理及其防范措施
SQL Server应用程序中的高级SQL注入
数据库下载漏洞攻击技术
SQL注入实战---利用“dbo”获得SQL管理权限和系统权限

MSSQL 中的 高级自定义查询、分页、多表联合存储过程


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-10-30   浏览: 91 ::
收藏到网摘: n/a

 

分页存储过程代码如下:
ALTER PROCEDURE [dbo].[Task_SelectPagedAndSorted]
(
    @ProjectID uniqueidentifier,
    @ProjectAreaID uniqueidentifier,
    @DepartmentID uniqueidentifier,
    @ChiefID uniqueidentifier,
    @State nvarchar(32),
    @Priority int,
    @Triage nvarchar(32),
    @PlanStartDateF datetime,
    @PlanStartDateL datetime,
    @PlanEndDateF datetime,
    @PlanEndDateL datetime,
    @CompletedDateF datetime,
    @CompletedDateL datetime,
    @SortExpression nvarchar(256),
    @StartRowIndex int,
    @MaximumRows int
)   
AS

DECLARE @sql nvarchar(4000)
DECLARE @ViewSql nvarchar(4000)
DECLARE @WhereClause nvarchar(2000)
DeCLARE @FEndRowIndex int
DeCLARE @FStartRowIndex int
DeCLARE @FMaximumRows int
DeCLARE @FSortExpression nvarchar(256)

-- Make sure a @sortExpression is specified
IF LEN(@SortExpression) > 0
  SET @FSortExpression = @SortExpression
ELSE
  SET @FSortExpression = 'ChangedDate DESC'

if (@StartRowIndex is null)
  SET @FStartRowIndex = 0;
else
  SET @FStartRowIndex = @StartRowIndex
if (@MaximumRows is null) or (@MaximumRows <= 0)
  SET @FMaximumRows = 1000;
else
  SET @FMaximumRows = @MaximumRows

SET @FEndRowIndex = @FStartRowIndex + @FMaximumRows

SET @WhereClause = 'WHERE --'
if not ((@ProjectID is null) or (@ProjectID = '00000000-0000-0000-0000-000000000000'))
  SET @WhereClause = @WhereClause + 'AND
    ([ProjectID] = ''' + CAST(@ProjectID as nvarchar(64)) + ''')'
if not ((@ProjectAreaID is null) or (@ProjectAreaID = '00000000-0000-0000-0000-000000000000'))
  SET @WhereClause = @WhereClause + 'AND
    ([ProjectAreaID] = ''' + CAST(@ProjectAreaID as nvarchar(64)) + ''')'
if not ((@DepartmentID is null) or (@DepartmentID = '00000000-0000-0000-0000-000000000000'))
  SET @WhereClause = @WhereClause + 'AND
    ([DepartmentID] = ''' + CAST(@DepartmentID as nvarchar(64)) + ''')'
if not ((@ChiefID is null) or (@ChiefID = '00000000-0000-0000-0000-000000000000'))
  SET @WhereClause = @WhereClause + 'AND
    ([ChiefID] = ''' + CAST(@ChiefID as nvarchar(64)) + ''')'
if  LEN(@State) > 0
  SET @WhereClause = @WhereClause + 'AND
    ([State] = ''' + @State + ''')'
if not ((@Priority is null) or (@Priority < 0))
  SET @WhereClause = @WhereClause + 'AND
    ([Priority] = ' + CONVERT(nvarchar(10), @Priority) + ')'
if  LEN(@Triage) > 0
  SET @WhereClause = @WhereClause + 'AND
    ([Triage] = ''' + @Triage + ''')'
if not (@PlanStartDateF is null)
  SET @WhereClause = @WhereClause + 'AND
    (([PlanStartDate] is null) or ([PlanStartDate] >= CAST(''' + CAST(@PlanStartDateF as nvarchar)  + ''' AS datetime)))'
if not (@PlanStartDateL is null)
  SET @WhereClause = @WhereClause + 'AND
    (([PlanStartDate] is null) or ([PlanStartDate] <= CAST(''' + CAST(@PlanStartDateL as nvarchar)  + ''' AS datetime)))'
if not (@PlanEndDateF is null)
  SET @WhereClause = @WhereClause + 'AND
    (([PlanEndDate] is null) or ([PlanEndDate] >= CAST(''' + CAST(@PlanEndDateF as nvarchar)  + ''' AS datetime)))'
if not (@PlanEndDateL is null)
  SET @WhereClause = @WhereClause + 'AND
    (([PlanEndDate] is null) or ([PlanEndDate] <= CAST(''' + CAST(@PlanEndDateL as nvarchar)  + ''' A