带有 for 循环 PL/SQL 的动态 sql
[英]Dynamic sql with for loop PL/SQL
问题描述
The following query needs to convert to dynamic SQL without hard code cursor SQL, using l_query, I do not know the l_query it will come as a parameter.
下面的查询需要转换成动态的SQL无硬编码cursor SQL,使用l_query,我不知道l_query它会作为一个参数来。 Inside the loop, I need to execute another insert query ( l_insert_query) that also comes as a parameter.在循环内部,我需要执行另一个插入查询 (l_insert_query),它也作为参数出现。
Your counsel would be much appreciated您的建议将不胜感激
DECLARE
CURSOR cust
IS
SELECT *
FROM customer
WHERE id < 500;
BEGIN
l_query := 'SELECT * FROM customer WHERE id < 5';
l_insert_query :=
'insert into data ( name, mobile) values ( cust.name,cust.mobile)';
FOR r_cust IN cust
LOOP
EXECUTE IMMEDIATE l_insert_query;
END LOOP;
END;
1 个解决方案
解决方案1
3 2020-08-14 08:54:48
You could do this with a dynamic PL/SQL block:您可以使用动态 PL/SQL 块来执行此操作:
declare
l_query varchar2(100) := 'SELECT * FROM customer WHERE id < 5';
l_insert varchar2(100) := 'insert into data ( name, mobile) values ( cust.name,cust.mobile)';
l_plsql varchar2(4000);
begin
l_plsql := '
begin
for cust in (' || l_query || ') loop
' || l_insert || ';
end loop;
end;
';
dbms_output.put_line(l_plsql);
execute immediate l_plsql;
end;
/
The l_plsql statement ends up as a generated PL/SQL block using the cursor query and insert statement: l_plsql语句最终作为使用 cursor 查询和插入语句生成的 PL/SQL 块:
begin
for cust in (SELECT * FROM customer WHERE id < 5) loop
insert into data ( name, mobile) values ( cust.name,cust.mobile);
end loop;
end;
But that you can do this doesn't mean you should.但你能做到这一点并不意味着你应该这样做。 This is vulnerable to SQL injection, and doesn't seem like a very safe, sensible or efficient way to handle data manipulation in your system.这很容易受到 SQL 注入的影响,并且似乎不是一种非常安全、明智或有效的方法来处理系统中的数据操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.