有没有办法将 MySQL 中存储过程中准备好的语句返回的值存储在变量中?
[英]Is there a way to store in a variable the value returned from a prepared statement in a Stored Procedure in MySQL?
问题描述
DELIMITER $$
CREATE PROCEDURE prepared_return_value(IN columnName varchar(20), IN tableName varchar(20), IN rowIndex varchar(10))
BEGIN
SET @columnName = '';
SET @columnName = CONCAT('Select distinct ',columnName ,' from ', tableName, ' LIMIT ', rowIndex, ',', '1', ';');
-- SELECT @columnName;
PREPARE stmt FROM @columnName;
EXECUTE stmt;
END $$
DELIMITER ;
So, i'm trying to dynamic pivoting a table using prepared statements to return the unique value of the rows and use it to alter a table.
因此,我正在尝试使用准备好的语句动态旋转表以返回行的唯一值并使用它来更改表。 But for that, i need to be able to store the returned row value, so i can use it in another prepared statement as the column name.但为此,我需要能够存储返回的行值,这样我就可以在另一个准备好的语句中使用它作为列名。 Apparently i can't store the value from the execution of prepared statement neither from a procedure.显然,我既不能存储来自过程的预准备语句的执行值,也不能存储该值。 I've tried lot of things by know, but none seemed to work, só... any hint on that?我已经尝试了很多事情,但似乎都没有工作,所以......有什么暗示吗?
1 个解决方案
解决方案1
0 2022-01-31 21:43:14
The Varoable is session bound, so you can be used after the procedure has run. Varoable 是 session 绑定的,因此您可以在程序运行后使用。
SELECT @columnName SELECT @columnName
direct after the running outside if the procedure.如果程序在运行后直接运行。
another option s to use an OUT Parameter besides the IN除了IN之外,另一个选项是使用OUT参数
Ypu would run Ypu 会跑
CALL return_value(columnName, tableName, rowIndex, @columnName)
And the crete procedure wil look like克里特岛程序看起来像
CREATE PROCEDURE prepared_return_value(IN columnName varchar(20), IN tableName varchar(20), IN rowIndex varchar(10), OUT myoutput TEXT
Still what you are doing is highly problematic as it could be used for sql injection, so you should white list colu,nname an Tablename你所做的仍然是一个很大的问题,因为它可以用于 sql 注入,所以你应该白名单列,命名一个表名
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.