存储过程分页的有关问题
日期:2014-05-19 浏览次数:20394 次
存储过程分页的问题
我用的是下面的方法
http://www.cnblogs.com/zm235/archive/2006/11/15/561595.html
现在问题是.存储过程规定了几个参数.如页大小.表名等等.可是我现在还想传条件参数进去如: where userName=@userName
但是如果传了规定外的参数就说参数数目不对.可是如果不作参数传的话.就很容易造成注入.大家有什么解决的方法?
------解决方案--------------------
http://dev.csdn.net/author/stbrine/1baf1f6f29444e09a7dd787a1d7a0b7c.html
上面的这个,我测试了,没问题。
------解决方案--------------------
如果是MSSQL2005,那么可以利用ROW_NUMBER() 来分页,结合aspnetpager,很容易就实现了.
看我的:
CREATE PROCEDURE [dbo].[spGetStaffListForPager]
@coId varchar(16),
@keyStr varchar(32),
@startIndex int,
@pageSize int
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
-- Insert statements for procedure here
WITH staffList as
(
SELECT ROW_NUMBER() OVER(ORDER BY aspnet_Users.UserName DESC) AS ROW, eCStaff.StaffName as StaffName,eCStaff.Sex as Sex,eCStaff.Photo as Photo,eCHeadship.HeadshipId as HeadId,
eCHeadship.Headship as HeadName,eCDepartment.DepId as DepId,eCDepartment.Name as DepName,eCDepartment.Phone as DepPhone,
eCDepartment.ExtNumber as DepExt, eCDepartment.Fax as DepFax,
aspnet_Membership.Email as StaffMail,aspnet_Users.UserName as StaffID
FROM eCStaff,eCHeadship,eCDepartment,aspnet_Membership,aspnet_Users
WHERE
eCStaff.CoId=@coId
AND
eCStaff.HeadshipId=eCHeadship.HeadshipId
AND
eCHeadship.CoId=@coId
AND
eCStaff.DepId=eCDepartment.DepId
AND
eCDepartment.CoId=@coId
AND
eCStaff.StaffId=aspnet_Users.UserName
AND
aspnet_Users.UserId=aspnet_Membership.UserId
AND StaffName LIKE ' '% ' '+@keyStr+ ' '% ' '
)
SELECT * FROM staffList WHERE ROW between @startIndex and @startIndex+@pageSize-1
END
我用的是下面的方法
http://www.cnblogs.com/zm235/archive/2006/11/15/561595.html
现在问题是.存储过程规定了几个参数.如页大小.表名等等.可是我现在还想传条件参数进去如: where userName=@userName
但是如果传了规定外的参数就说参数数目不对.可是如果不作参数传的话.就很容易造成注入.大家有什么解决的方法?
------解决方案--------------------
http://dev.csdn.net/author/stbrine/1baf1f6f29444e09a7dd787a1d7a0b7c.html
上面的这个,我测试了,没问题。
------解决方案--------------------
如果是MSSQL2005,那么可以利用ROW_NUMBER() 来分页,结合aspnetpager,很容易就实现了.
看我的:
CREATE PROCEDURE [dbo].[spGetStaffListForPager]
@coId varchar(16),
@keyStr varchar(32),
@startIndex int,
@pageSize int
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
-- Insert statements for procedure here
WITH staffList as
(
SELECT ROW_NUMBER() OVER(ORDER BY aspnet_Users.UserName DESC) AS ROW, eCStaff.StaffName as StaffName,eCStaff.Sex as Sex,eCStaff.Photo as Photo,eCHeadship.HeadshipId as HeadId,
eCHeadship.Headship as HeadName,eCDepartment.DepId as DepId,eCDepartment.Name as DepName,eCDepartment.Phone as DepPhone,
eCDepartment.ExtNumber as DepExt, eCDepartment.Fax as DepFax,
aspnet_Membership.Email as StaffMail,aspnet_Users.UserName as StaffID
FROM eCStaff,eCHeadship,eCDepartment,aspnet_Membership,aspnet_Users
WHERE
eCStaff.CoId=@coId
AND
eCStaff.HeadshipId=eCHeadship.HeadshipId
AND
eCHeadship.CoId=@coId
AND
eCStaff.DepId=eCDepartment.DepId
AND
eCDepartment.CoId=@coId
AND
eCStaff.StaffId=aspnet_Users.UserName
AND
aspnet_Users.UserId=aspnet_Membership.UserId
AND StaffName LIKE ' '% ' '+@keyStr+ ' '% ' '
)
SELECT * FROM staffList WHERE ROW between @startIndex and @startIndex+@pageSize-1
END
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
