如何在查询mysql中处理\\
[英]how to handle \ in query mysql
问题描述
I have a procedure in which I am making query as string then prepare query and execute. 
我有一个过程,在该过程中,我以字符串形式进行查询,然后准备查询并执行。
Here is the procedure 这是程序
CREATE DEFINER=`root`@`%` PROCEDURE `dim_add_customer`(
IN _customer_id BIGINT(20) ,
IN _first_name VARCHAR(50) ,
)
BEGIN
SET @_query := CONCAT('first_name = "',_first_name,'"');
SET @_query := CONCAT('UPDATE customer_detail SET ',@_query,' WHERE customer_id = ',_customer_id);
PREPARE stmt FROM @_query;
END$$
DELIMITER ;
Now when I call 现在当我打电话
call dim_add_customer(1,'abc\\')
Then there is issue in creating string query.The query it made 然后在创建字符串查询时出现问题。
UPDATE customer_detail SET first_name = "abc\" WHERE customer_id = 1
is there any best solution to solve this ? 有什么最好的解决方案来解决这个问题?
1 个解决方案
解决方案1
1 已采纳 2016-01-06 13:34:41
You shouldn't build the queries by concat. 您不应该通过concat构建查询。
You should use the parameters in the query like 您应该在查询中使用类似的参数
SET @_query="UPDATE customer_detail
SET first_name=@_first_name
WHERE customer_id = @_customer_id"
I'm not sure if you can declare your variables directly from the input parameters like 我不确定是否可以直接从输入参数(例如
CREATE DEFINER=`root`@`%` PROCEDURE `dim_add_customer`(
IN @_customer_id BIGINT(20) ,
IN @_first_name VARCHAR(50) ,
) )
or you have to 否则你必须
SET @_customer_id = _customer_id
SET @_first_name = _first_name
CAVEAT: I'm used to the MsSql-way of creating procedures with variables; CAVEAT:我习惯了用变量创建过程的MsSql方式。 I might have misunderstood something, but at least creating sql by concat should be your last resort. 我可能误解了一些东西,但是至少通过concat创建sql应该是您的最后选择。
Creating queries by concat is the equivalent of 通过concat创建查询等同于
x=1
q=concat("y=",x,"+2")
eval (q)
instead of 代替
x=1
y=x+2
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.