How to pass array as a parameter to a plsql procedure through javascript

I am calling a plsql procedure from window.opener.location.href, I want to pass an array as a parameter to this procedure.

window.opener.location.href="dt_bulk_test_pkg.pc_bulk_test?ps="+frmresult.ps.value+
                            "&p_step="+frmresult.p_step.value+
                            "&p_year="+frmresult.p_year.value+
                            "&p_quarter="+frmresult.p_quarter.value+
                            "&p_diagnostic_type="+frmresult.p_diagnostic_type.value+
                            "&p_overwrite="+frmresult.p_overwrite.value+
                            "&p_company_id="+v_comp_id;

v_comp_id is an array.

PL/SQL is a database technology, JavaScript is an in-browser technology (unless you're doing server side JS with node or Rhino but you are not). The browser can only communicate with web servers. So from the point of JavaScript, you're not calling a stored procedure, you're calling a web-server that you must have running somewhere that calls that stored procedure.

How exactly arrays are represented is up to the server-side language/web-framework, but a fairly standard approach is that taken by jQuery's $.param method. For example, opening up the console on this site I can do this:

> $.param({example: [1,2,3]})
"example%5B%5D=1&example%5B%5D=2&example%5B%5D=3"

Words of warning.

  • Exposing database stored procedures directly via HTTP is not only bad design, but likely a crazy-bad security risk.
  • Embedding parameters in a URL means you are using an HTTP GET request. GET requests are meant for resources that do not affect the state of the server, so be careful that your stored procedure only gets data and does not change it. The danger is that someone could put that URL in an email or even an img src tag on a webpage and people would hit that URL simply by clicking a link or visiting a web page.
  • All parameters should pass through URL encoding. Like I mentioned, jQuery.param will do this.
  • You are likely exposing yourself to XSS attacks as well.

I know that this is an old thread but I landed here so I guess others will.

It is quite possible to pass arrays to PL/SQL via a URL and it is explicitly supported, not a dodgy hack. Link to Oracle doc

You declare the PL/SQL input parameter as a table of varchar2. Then you pass the same parameter name repeatedly in the URL.

1/ Example PL/SQL source:

CREATE OR REPLACE PROCEDURE test_array(
    p IN dbms_sql.varchar2_table )
AS
BEGIN
  FOR i IN p.FIRST .. p.LAST
  LOOP
    htp.p(p(i)||'<br>');
  END LOOP;
END test_array;

2/ Example URL to invoke it: - substitute XXXXXXXXXXXXXX with your own setup

http://XXXXXXXXXXXXXX/test_array?p=first ele&p=second ele

3/ Output

first ele
second ele

You can pass in as many elements as you want, I just used 2 for this example.

If your data type is not varchar2, capture them as varchar2 from the URL anyway and convert them to numbers etc. inside the PL/SQL.
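
The following is an added example, not code from either answer or from the question: it builds the question's URL with the array sent as a repeated parameter name (the form described in the second answer) and with every name and value URL-encoded (the point made in the first answer's warnings). The function names and the sample values are assumptions made for illustration.

```javascript
// Added example (not from the original posts). Function names are hypothetical.

// Encode one name=value pair so that &, =, #, spaces and non-ASCII characters
// in a value cannot terminate the parameter or start a new one.
function encodePair(name, value) {
  return encodeURIComponent(name) + "=" + encodeURIComponent(String(value));
}

// Build "<procedurePath>?a=1&b=2...". An array value is emitted as the same
// parameter name repeated once per element, which is the form the second
// answer's table-of-varchar2 parameter receives.
function buildProcedureUrl(procedurePath, params) {
  const pairs = [];
  for (const [name, value] of Object.entries(params)) {
    if (value === undefined || value === null) continue;
    const values = Array.isArray(value) ? value : [value];
    for (const v of values) pairs.push(encodePair(name, v));
  }
  // An empty array contributes no pair, so the parameter is then absent.
  return pairs.length ? procedurePath + "?" + pairs.join("&") : procedurePath;
}

// Decode the repeated parameter again, as a receiving side would see it.
function readRepeated(url, name) {
  const queryStart = url.indexOf("?");
  const query = queryStart === -1 ? "" : url.slice(queryStart + 1);
  return new URLSearchParams(query).getAll(name);
}

// Constructed sample values.
const v_comp_id = [101, 102, "10 3"];
const sampleUrl = buildProcedureUrl("dt_bulk_test_pkg.pc_bulk_test", {
  ps: "A&B=C",
  p_year: 2014,
  p_company_id: v_comp_id,
});

// What the question's string concatenation produces for the same array:
// Array.prototype.toString joins the elements with commas into ONE value.
const naiveUrl = "dt_bulk_test_pkg.pc_bulk_test?p_company_id=" + v_comp_id;

console.log(sampleUrl);
console.log(naiveUrl);
```

Encoding on the client only keeps the request well-formed; the procedure still has to validate and convert each received element itself.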
