sql server有兩個轉義符:
' 默認情況下, '是字符串的邊界符, 如果在字符串中包含', 則必須使用兩個', 第1個'就是轉義符
另一個轉義符是"
當SET QUOTED_IDENTIFIER OFF時, "是字符串邊界符, 字符串中的"必須用兩個"表示。
vb: "" <=> "
sql server 2000: ''' <=> '
eg:
declare @SearchType nvarchar(50)
declare @SearchString nvarchar(255)
declare @SearchKey nvarchar(50)
declare @SearchSql nvarchar(2000)
set @SearchType = '2'
set @SearchKey = 'd'
set @SearchString = CASE @SearchType
when '1' then '1 = 1'
when '2' then 'p.ProjectName like ''' + '%' + @searchkey + '%' + ''''
when '3' then 'p.ProjectCity like ''' + '%'+ @searchkey + '%' +''''
when '4' then 'c.CateName like ''' + '%' + @searchkey + '%' + ''''
when '4' then 'p.ProjectManager like ''' + '%' + @searchkey + '%' +''''
END
set @SearchSql = N'
SELECT p.*,datename(year,ProjectPostTime)+ ' + '''-''' + ' + datename(month,ProjectPostTime)+ '+ '''-''' + ' + datename(day,ProjectPostTime)' + ' as PostTime, m.EmpName,c.CateName FROM proProject As p ,mrBaseInf As m ,proCate c WHERE p.EmpID = m.EmpID and p.CateID = c.CateID and '
+ @SearchString
print(@SearchSql)
exec(@SearchSql)