[英]Can't use bind variable as table name in sql query APEX ORACLE
SELECT * FROM :TABLENAME
is my query, and Apex isn't letting me run because the app doesn't know the table name. 是我的查询,而Apex不允许我运行,因为该应用程序不知道表名。 How can I dynamically query using variable as the table name.
如何使用变量作为表名动态查询。
Here's how: 这是如何做:
select * from dual
select * from dual
return 'select * from ' || :P22_TABLE_NAME;
return 'select * from ' || :P22_TABLE_NAME;
return 'select * from ' || :P22_TABLE_NAME;
You should know what tables the form might need to query. 您应该知道表单可能需要查询哪些表。 If you have an application item called
TABLE_NAME
, you can union the results together and pick out the right table like this: 如果您有一个名为
TABLE_NAME
的应用程序项,则可以将结果合并在一起并选择合适的表,如下所示:
select col1, col2, col3 from tablex where :TABLE_NAME = 'TABLEX'
union all
select col1, col2, col3 from tabley where :TABLE_NAME = 'TABLEY'
union all
select col1, col2, col3 from tablez where :TABLE_NAME = 'TABLEZ'
The benefit of this approach is that the query will be checked for correct syntax and that the tables have the right columns; 这种方法的好处是将检查查询的语法是否正确,并且表具有正确的列。 and this solution is immune from SQL injection attacks.
并且该解决方案不受SQL注入攻击的影响。
The downside is that if a new table is added, you have to modify the query. 缺点是,如果添加了新表,则必须修改查询。 But if you're creating tables on the fly like this then you should consider revising your strategy anyway.
但是,如果要像这样快速创建表,则无论如何都要考虑修改策略。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.