--1通过 exec 直接执行
declare @Month int,@Year int,@CompanyName nvarchar(50),@CurrentUserID nvarchar(500),
set @Month=1
set @Year=2013
set @CompanyName='xx公司'
set @CurrentUserID='1,2,-1'
-- 通过 exec 直接执行,字符串类型,一定要放在''' '''之间
exec(' SELECT * FROM TestInfo
where Month='+@Month+'
and Year='+@Year+'
and CurrentUserID in ( '+@CurrentUserID+')
and CompanyInfo.Name = '''+@CompanyName+'''')
--2 先定义sql语句变量,定义变量类型,传入变量' 字符串类型,一定要放在''' '''之间
declare @StrSql nvarchar(2000)
declare @Month int,@Year int,@CompanyName nvarchar(50)
set @Month=1
set @Year=2013
set @CompanyName='xx公司'
set @StrSql =' SELECT * FROM TimeInfo
where Month=@Month
and Year=@Year
and CompanyInfo.Name = @CompanyName'
--定义传入参数变量字符串
declare @ParmDMefinition nvarchar(200)
--设置参数,要求参数名字、类型、顺序和sql语句中一样
SET @ParmDMefinition = N'@Month int,@Year int,@CompanyName nvarchar(50)'
--执行
EXECUTE sp_executesql @StrSql, @ParmDMefinition, @Month,@Year,@CompanyName