更新时间:2023-02-07 11:33:35
尝试:
SELECT into #T1 execute ('execute ' + @SQLString )
闻起来像是SQL注入漏洞,真是不好。
And this smells real bad like an sql injection vulnerability.
更正(根据@CarpeDiem的评论):
correction (per @CarpeDiem's comment):
INSERT into #T1 execute ('execute ' + @SQLString )
'执行'
如果sql字符串不是过程字符串
also, omit the 'execute'
if the sql string is something other than a procedure