获取 .BAT 文件或 SQLCMD 以提示用户输入
我正在尝试运行以下查询,
sqlcmd -STEMP7 -E -devolive_base -w256
-QEXIT("DECLARE @r int EXEC @r = usp_AddToObservationtbl $,$,$ SELECT @r")
我正在尝试获取 BAT 文件来向用户询问 3 个变量......任何人都可以帮助我吗?
I am attempting to run the following query
sqlcmd -STEMP7 -E -devolive_base -w256
-QEXIT("DECLARE @r int EXEC @r = usp_AddToObservationtbl $,$,$ SELECT @r")
I am attempting to get the BAT file to ask the user for 3 variables.... can anyone help me ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可以使用
set /p获取变量:...然后在命令行中使用它们:
请记住,这仍然会让您容易受到 SQL 注入攻击或有人输入破坏性内容。
You can use
set /pto get variables:...then use them in your command line:
Bear in mind this still leaves you open to SQL Injection attacks or someone entering something destructive.
谢谢评论的人。
问题似乎是我的 SQLCMD 语法不正确,但它没有抛出错误,如果我用 osql 替换它,变量替换确实有效。所以这很好用
Thanks the comments people.
The problem appeared to be my syntax for SQLCMD is incorrect, but its not throwing an error, the variable substitution does work if I replace it with osql instead. So this works fine
这是一个简单的示例,解决了基本问题并删除了实际查询的细节。
我删除了更改 Windows 提示符的命令和关闭回显的命令,因为这些命令只是用于美化输出,而不是解决方案的一部分。我还在数据输入提示中使用了下划线,其中通常有一个空格,以便您可以看到它。我在 bat 文件末尾留下了一个暂停,这只是为了查看输出所必需的,以防您想自己尝试一下。
test.bat
test.sql
当您运行批处理文件时,这就是您得到的结果。
实际上,您可能会对批处理变量和 SQL 变量使用相同的名称。上面它们是不同的,以说明什么是什么。
如果您需要这样做,您可能需要多个变量。您可以通过重复
sqlcmd的-v sqlvariablename=%batchvariablename%部分来处理此问题,例如test.bat
test.sql
请注意,其中添加了引号第二个示例(对于字符串数据)未出现在第一个示例中(仅包含数字数据)。
您可能希望针对项目字段运行
Box of Chocolates示例并检查行为。Here is a simple example with the basic problem solved and specifics of your actual query removed.
I have removed a command to change the Windows prompt and a command to turn echo off, as these were just used to beautify the output, not part of the solution. I've also used an underscore in the data input prompt where you would normally have a space, so that you can see it. I have left a
pauseat the end of the bat file, which is only necessary to see the output, in case you want to try it out yourself.test.bat
test.sql
When you run the batch file, this is what you get.
In practice you are likely to use the same names for the batch variable and the SQL variable. They are different above to illustrate what's what.
If you need to do this, you may need more than one variable. You handle this by repeating the
-v sqlvariablename=%batchvariablename%part of thesqlcmd, e.g.test.bat
test.sql
Note that there are quotes added into this second example (for string data) which didn't appear in the first example (with numerical data only).
You might want to run the example with
Box of Chocolatesfor the item field and check the behavior.