更新时间:2023-02-07 11:55:43
尝试:
SELECT into #T1 execute ('execute ' + @SQLString )
这闻起来真的很糟糕,就像一个 sql 注入漏洞.
And this smells real bad like an sql injection vulnerability.
更正(根据@CarpeDiem 的评论):
correction (per @CarpeDiem's comment):
INSERT into #T1 execute ('execute ' + @SQLString )
此外,如果 sql 字符串不是过程,则省略 'execute'
also, omit the 'execute'
if the sql string is something other than a procedure