This article mainly introduces the correct way for SQL Server to execute dynamic SQL. Friends who need it can refer to it
If SQL Server executes dynamic SQL, how should it be implemented? The following will introduce you to SQL Server execution dynamics. Two correct ways of SQL, I hope it can give you a deeper understanding of SQL Server executing dynamic SQL
Dynamic SQL: code that is executed dynamically. It is generally a SQL statement block that is dynamically combined based on user input or external conditions. .Dynamic SQL can flexibly exert the powerful functions of SQL and conveniently solve some problems that are difficult to solve by other methods. I believe that anyone who has used dynamic SQL can appreciate the convenience it brings. However, dynamic SQL sometimes suffers from execution performance (efficiency) )The above is not as good as static SQL, and if used improperly, there are often hidden dangers in security (SQL injection attacks).
Dynamic SQL can be executed in two ways: EXECUTE or SP_EXECUTESQL.
EXECUTE
Execute the command string or string in the Transact-SQL batch or execute one of the following modules: system stored procedure, user-defined stored procedure, standard A value user-defined function or extended stored procedure. SQL Server 2005 extended the EXECUTE statement so that it can be used to send pass commands to a linked server. In addition, you can also explicitly set the context in which a string or command is executed
SP_EXECUTESQL
Execute a Transact-SQL statement or batch that can be reused multiple times or dynamically generated. Transact-SQL statements or batches can contain embedded parameters. In batches, name scopes SP_EXECUTESQL behaves the same as EXECUTE in terms of database context. The Transact-SQL statement or batch in the SP_EXECUTESQL stmt parameter is not compiled until the SP_EXECUTESQL statement is executed. Subsequently, the contents of the stmt are compiled and run as an execution plan. The The execution plan is independent of the execution plan of the batch named SP_EXECUTESQL. The SP_EXECUTESQL batch cannot reference variables declared in the batch that calls SP_EXECUTESQL. Local cursors or variables in the SP_EXECUTESQL batch are not visible to the batch that calls SP_EXECUTESQL. Changes made to the database context are only effective until the end of the SP_EXECUTESQL statement.
If only the parameter values in the statement are changed, sp_executesql can be used to execute the Transact-SQL statement multiple times instead of the stored procedure. Because the Transact-SQL statement itself Remains unchanged, only the parameter values change, so the SQL Server query optimizer may reuse the execution plan generated during the first execution.
Generally speaking, we recommend and give priority to using SP_EXECUTESQL to execute dynamic SQL. On the one hand, it is more flexible and can have input and output parameters. On the other hand, the query optimizer is more likely to reuse execution plans and improve execution efficiency. In addition, using SP_EXECUTESQL can improve security; of course, this does not mean that EXECUTE should be completely abandoned. In certain situations, EXECUTE is more convenient than SP_EXECUTESQL. For example, dynamic SQL strings are of VARCHAR type, not NVARCHAR type. SP_EXECUTESQL can only execute Unicode strings or constants or variables that can be implicitly converted to ntext, while EXECUTE can only execute both. All types of strings can be executed.
Let’s compare some details of EXECUTE and SP_EXECUTESQL.
EXECUTE(N'SELECT * FROM Groups' ) --Execution successful
EXECUTE('SELECT * FROM Groups') --Execution successful
SP_EXECUTESQL N'SELECT * FROM Groups'; --Execution successful
SP_EXECUTESQL 'SELECT * FROM Groups' --Execution error
Summary: EXECUTE can execute non-Unicode or Unicode type string constants and variables. SP_EXECUTESQL can only execute Unicode or string constants that can be implicitly converted to ntext , variable.
DECLARE @GroupName VARCHAR(50);SET@GroupName ='SuperAdmin';
EXECUTE('SELECT * FROM Groups WHERE GroupName=''' + SUBSTRING(@GroupName, 1,5) + ''''); --There is a syntax error near 'SUBSTRING'.
DECLARE @Sql VARCHAR(200);
DECLARE @GroupName VARCHAR(50);SET @GroupName ='SuperAdmin';
SET@Sql='SELECT * FROM Groups WHERE GroupName=''' + SUBSTRING(@GroupName, 1,5) + ''''
- -PRINT @Sql;EXECUTE(@Sql);
Summary: EXECUTE The brackets can only contain string variables, string constants, or their combinations, and cannot call other functions, stored procedures, etc. If To use, use a variable combination, as shown above.
DECLARE @Sql VARCHAR(200);
DECLARE @GroupName VARCHAR(50);SET@GroupName ='SuperAdmin';
SET@Sql='SELECT * FROM Groups WHEREGroupName=@GroupName'
--PRINT @Sql;EXECUTE(@Sql); --Error: Must declare scalar variable "@GroupName".SET @Sql='SELECT * FROM Groups WHERE GroupName=' + QUOTENAME(@GroupName, '''')
EXECUTE(@Sql); --Correct:
DECLARE @Sql NVARCHAR( 200);
DECLARE @GroupName NVARCHAR(50);SET@GroupName ='SuperAdmin';
SET@Sql='SELECT * FROM Groups WHEREGroupName=@GroupName'
PRINT @Sql;
EXEC SP_EXECUTESQL @Sql,N'@GroupNameNVARCHAR',@GroupName
There is no result in the query, and the parameter length is not declared.
DECLARE @Sql NVARCHAR(200);
DECLARE @GroupName NVARCHAR(50);SET@GroupName ='SuperAdmin';
SET@Sql ='SELECT * FROM Groups WHERE GroupName=@GroupName'
PRINT @Sql;
EXEC SP_EXECUTESQL @Sql, N'@GroupName NVARCHAR(50)' ,@GroupName
Summary: Dynamic batch processing cannot access local variables defined in the batch. SP_EXECUTESQL can have input and output parameters, which is more flexible than EXECUTE.
Let’s take a look at EXECUTE, SP_EXECUTESQL For execution efficiency, first clear the cache execution plan, then change the @GroupName value SuperAdmin, CommonUser, and CommonAdmin and execute it three times respectively. Then look at the cache information
DBCC FREEPROCCACHE;
DECLARE @Sql VARCHAR(200);
DECLARE @GroupName VARCHAR(50); SET@GroupName ='SuperAdmin'; --'CommonUser', 'CommonAdmin'
SET@Sql ='SELECT * FROM Groups WHERE GroupName=' + QUOTENAME(@GroupName, '''')
EXECUTE(@Sql); SELECTcacheobjtype, objtype, usecounts, sql
FROM sys.syscacheobjects
WHERE sql NOTLIKE '%cache%'
ANDsql NOTLIKE '%sys.%';
Following the same pattern, let’s take a look at the execution efficiency of SP_EXECUTESQL
DBCC FREEPROCCACHE;
DECLARE @Sql NVARCHAR(200);
DECLARE @GroupName NVARCHAR(50);SET@GroupName ='SuperAdmin'; --'CommonUser', 'CommonAdmin'
SET@Sql ='SELECT * FROM Groups WHERE GroupName=@GroupName'
EXECUTESP_EXECUTESQL @Sql, N'@GroupName NVARCHAR(50)', @GroupName;
SELECTcacheobjtype , objtype, usecounts, sql
FROM sys.syscacheobjects
WHERE sql NOTLIKE '%cache%'
ANDsql NOTLIKE '%sys.%';
Summary: EXEC generated three independent ad hoc execution plans, while SP_EXECUTESQL only generated one execution plan and reused it three times. Imagine if there are many similar dynamic SQLs in a library and they are executed frequently. If you use SP_EXECUTESQL can improve performance.
The following are additions from other netizens
For some special reasons, we need to dynamically create SQL statements in SQL statements or stored procedures, and then Dynamically execute SQL statements or stored procedures.
Here, Microsoft provides two methods, one is to use the
Execute function
The execution method is
Execute(@sql) Dynamically execute a SQL statement, but the SQL statement here cannot get the return result. Let's introduce another method
Use stored proceduressp_ExecuteSql
Use the storage Procedure, you can return the parameters in the dynamic statement.
For example
declare @sql nvarchar(800),@dd varchar(20) set @sql='set @mm=''测试字符串''' exec sp_executesql @sql,N'@mm varchar(20) output',@dd output select @dd
When executed, the value of a variable in the internally created SQL statement will be returned to the external caller.
Mainly comes from an accidental need at work:
create proc proc_InToServer @收费站点编号 varchar(4),@车道号 tinyint,@进入时间 varchar(23),@UID char(16),
@车牌 varchar(12),@车型 char(1),@识别车牌号 varchar(12),@识别车型 char(1),@收费金额 money,@交易状态 char(1),
@有图像 bit,@离开时间 varchar(23),@速度 float,@HasInsert int output
as
begin
declare @inTime datetime,@TableName varchar(255),@leaveTime datetime,@HasTable bit,@Sql nvarchar(4000)
select @intime=Convert(datetime,@进入时间),@leaveTime=Convert(datetime,@离开时间)
set @TableName='ETC03_01_OBE原始过车记录表_'+dbo.formatDatetime(@intime,'YYYYMMDD')
select @HasTable=(Case when Count(*)>0 then 1 else 0 end) from sysobjects where id=Object_id(@TableName) and ObjectProperty(id,'IsUserTable')=1
if @HasTable=0
begin
set @Sql='CREATE TABLE [dbo].['+@TableName+'] (
[收费站点编号] [char] (4) COLLATE Chinese_PRC_CI_AS NOT NULL,
[车道号] [tinyint] NOT NULL,
[进入时间] [datetime] NOT NULL,
[UID] [char] (16) COLLATE Chinese_PRC_CI_AS NOT NULL,
[车牌] [varchar] (12) COLLATE Chinese_PRC_CI_AS NULL ,
[车型] [char] (1) COLLATE Chinese_PRC_CI_AS NULL ,
[识别车牌号] [varchar] (12) COLLATE Chinese_PRC_CI_AS NULL ,
[识别车型] [char] (1) COLLATE Chinese_PRC_CI_AS NULL ,
[收费金额] [money] NULL ,
[交易状态] [char] (1) COLLATE Chinese_PRC_CI_AS NULL ,
[有图像] [bit] NOT NULL ,
[离开时间] [datetime] NULL ,
[速度] [float] NULL,
Constraint'+' PK_'+@TableName+' primary key(收费站点编号,车道号,进入时间,UID)
) ON [PRIMARY]'
Execute(@Sql)
end
set @sql = 'select @Cnt=count(*) from '+@TableName+ ' where 收费站点编号='''+@收费站点编号+''' and 车道号='+cast(@车道号 as varchar(4))+' and 进入时间='''+@进入时间+''' and UID='''+@UID+''''
set @sql = @sql + ' if @Cnt=0 '
set @sql=@sql+'insert '+@TableName+' values('''+@收费站点编号+''','+cast(@车道号 as varchar(4))+','''+@进入时间+''','''+@Uid+''','''+@车牌+
''','''+@车型+''','''+ @识别车牌号+''','''+@识别车型+''','+Cast(@收费金额 as varchar(8))+','''+@交易状态+''','+cast(@有图像 as varchar(1))+
','''+@离开时间+''','+Cast(@速度 as varchar(8))+')'
--Execute(@sql)
exec sp_executesql @sql,N'@Cnt int output',@HasInsert output
endSupplementary information 2.
SQL Server executes dynamic SQL statements in a loop.
The query was executed successfully using the Navicate tool.
declare @name nvarchar(100) declare @sql nvarchar(200) declare @i int set @i =10000 while @i<=99999 begin set @name = 'test' + cast(@i as varchar(20)) set @sql =N'SELECT * INTO '+ @name +' FROM test' exec sp_executesql @sql print @name set @i=@i + 1 end
The above is the detailed content of Explain the correct way for SQL Server to execute related dynamic SQL. For more information, please follow other related articles on the PHP Chinese website!
修复:Windows 11 的动态刷新率不起作用Apr 13, 2023 pm 08:52 PM您可以通过计算图像每秒更新的次数来衡量屏幕的刷新率。DRR 是 Windows 11 中包含的一项新功能,可帮助您节省电池寿命,同时仍提供更流畅的显示,但当它无法正常工作时也就不足为奇了。随着越来越多的制造商宣布计划停止生产 60Hz 显示器,具有更高刷新率的屏幕预计将变得更加普遍。这将导致更流畅的滚动和更好的游戏,但它会以减少电池寿命为代价。但是,此 OS 迭代中的动态刷新率功能是一个漂亮的附加功能,可以对您的整体体验产生重大影响。继续阅读,我们将讨论如果 Windows 11 的动态刷新率未
如何在 iPhone 屏幕录制中隐藏动态岛和红色指示器Apr 13, 2023 am 09:13 AM在iPhone上,Apple 的屏幕录制功能会录制您在屏幕上所做的事情的视频,如果您想捕捉游戏玩法、引导他人完成应用程序中的教程、演示错误或其他任何事情,这非常有用。在显示屏顶部有凹口的旧款 iPhone 上,该凹口在屏幕录制中不可见,这是应该的。但在带有 Dynamic Island 切口的较新 iPhone 上,例如 iPhone 14 Pro 和 iPhone 14 Pro Max,Dynamic Island 动画显示红色录制指示器,这导致切口在捕获的视频中可见。这可能会
如何在 Windows 11 上将动态磁盘转换为基本磁盘Sep 23, 2023 pm 11:33 PM如果要在Windows11中将动态磁盘转换为基本磁盘,则应首先创建备份,因为该过程将擦除其中的所有数据。为什么要在Windows11中将动态磁盘转换为基本磁盘?根据Microsoft,动态磁盘已从Windows中弃用,不再推荐使用。此外,Windows家庭版不支持动态磁盘,因此您将无法访问这些逻辑驱动器。如果要将更多磁盘合并到更大的卷中,建议使用基本磁盘或存储空间。在本文中,我们将向您展示如何在Windows11上将动态磁盘转换为基本磁盘如何在Windows11中将动态磁盘转换为基本磁盘?在开始
如何安装、卸载、重置Windows服务器备份Mar 06, 2024 am 10:37 AMWindowsServerBackup是WindowsServer操作系统自带的一个功能,旨在帮助用户保护重要数据和系统配置,并为中小型和企业级企业提供完整的备份和恢复解决方案。只有运行Server2022及更高版本的用户才能使用这一功能。在本文中,我们将介绍如何安装、卸载或重置WindowsServerBackup。如何重置Windows服务器备份如果您的服务器备份遇到问题,备份所需时间过长,或无法访问已存储的文件,那么您可以考虑重新设置WindowsServer备份设置。要重置Windows
如何在 Windows 11 的桌面和开始菜单上获取动态磁贴Apr 14, 2023 pm 05:07 PM想象一下,您正在系统上寻找某些东西,但不确定要打开或选择哪个应用程序。这就是动态磁贴功能发挥作用的地方。任何支持的应用程序的动态磁贴都可以添加到桌面或Windows系统的开始菜单上,其磁贴经常变化。LiveTiles使应用程序小部件变得活跃起来,非常令人愉悦。不仅是为了它的外观,甚至是为了方便。假设您在系统上使用whatsapp或facebook应用程序,如果在应用程序图标上显示通知数量不是很方便吗?如果将任何此类受支持的应用程序添加为动态磁贴,则这是可能的。让我们看看如何在Windows
Windows 10和11如何禁止文件夹和文件的动态显示以阻止快速访问?May 06, 2023 pm 04:58 PM微软在Windows10中引入了快速访问,并在最近发布的Windows11操作系统中保留了该功能。快速访问取代了文件资源管理器中的收藏夹系统。这两个功能之间的核心区别之一是快速访问在其列表中添加了一个动态组件。一些文件夹永久显示,而其他文件夹则根据使用情况显示。固定文件夹显示有一个大头针图标,动态文件夹没有这样的图标。您可以在此处查看我的收藏夹和快速访问之间的比较,了解更多详细信息。快速访问比收藏夹更强大,但动态文件夹列表为其添加了混乱元素。可能会显示无用或不应在文件资源管理器中突出显示的文件
如何在 Windows 11 上使用动态锁定Apr 13, 2023 pm 08:31 PM什么是 Windows 11 上的动态锁定?动态锁定是 Windows 11 的一项功能,可在连接的蓝牙设备(您的手机或可穿戴设备)超出范围时锁定您的计算机。即使您在离开时忘记使用 Windows 键 + L 快捷键,动态锁定功能也会自动锁定您的 PC。Dynamic Lock 使用任何带有蓝牙的连接设备,但最好使用电池电量和续航里程充足的设备,例如您的手机。一旦您的设备在 30 秒内无法触及,Windows 将自动锁定屏幕。将蓝牙设备与 Windows 11 配对要让一切正常运行,您需要先将
如何使用HTML、CSS和jQuery制作一个动态的图片轮播Oct 25, 2023 am 10:09 AM如何使用HTML、CSS和jQuery制作一个动态的图片轮播在网站设计和开发中,图片轮播是一个经常使用的功能,用于展示多张图片或广告横幅。通过HTML、CSS和jQuery的结合,我们可以实现一个动态的图片轮播效果,为网站增加活力和吸引力。本文将介绍如何使用HTML、CSS和jQuery制作一个简单的动态图片轮播,并提供具体的代码示例。第一步:设置HTML结
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
Dreamweaver CS6
Visual web development tools
SublimeText3 Chinese version
Chinese version, very easy to use
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
