通过将参数作为表插入任何表的查询功能 [英] Insert query Function for any table by passing parameter as table

问题描述

大家好，
我正在创建一个函数插入任何表.我将表名称作为字段的参数和数据类型传递.但是问题是我们应该如何确定传递的字段数?
请帮助....

Hi to all,
I am creating a function for insert to any table. I am passing table name as parameter and datatype of field. but the problem is how we should decide the number of fields passing?
Plz help....

推荐答案

如果您正在动态地将SQL语句构建为字符串，则可以执行此操作.但是，当然，这使您容易受到SQL注入攻击，并且每次使用它时都必须构建完整的语句.

如果您要谈论使用SqlParameter对象发送表名，则不能这样做.它将无法正常工作.

If you''re dynmically building the SQL statement as a string, you can do this. But, of course, this opens you up to SQL Injection attacks and you have to build the complete statement every time you use it.

If you''re talking about sending the table name using an SqlParameter object, you can NOT do that. It won''t work.

看看这个，但是它仅适用于SQL Server2008.

代码项目文章:TableValueParameters [

have a look at this, BUT it only works with SQL Server 2008

CodeProject Article: TableValueParameters[^].

if this doesn''t do what you are after read up on LinQ to SQL

这篇关于通过将参数作为表插入任何表的查询功能的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！