
Inserting the text of a stored procedure into a record

How can I insert into a record the text of a procedure stored in ALL_SOURCE.TEXT?

This part of code gives me error: "missing comma"

  execute immediate '
               insert into results(SrcProcedure)  values(' ''
               || tabela_temporare(1).text ||
               '' ')';

I think this is due to the unescaped characters contained in the text of the stored procedure, but I can't find a way to fix it.

If you want to have the string delimiting character (apostrophe: ') inside a Varchar, you must use two consecutive apostrophes and then another one to end the string. It gives you an error because you ended the string first. Try this piece of code:

EXECUTE IMMEDIATE 'INSERT INTO results(SrcProcedure)  values(''' || tabela_temporare(1).text || ''')';

EDIT: Better to use bind variables; see my sample code:

CREATE TABLE RESULTS (SRCPROCEDURE VARCHAR2 (300));

DECLARE
      v_SQL VARCHAR2(4000) := 'INSERT INTO results(SrcProcedure) VALUES(:1)';
BEGIN
     EXECUTE IMMEDIATE v_SQL USING 'something2';
END;

I hope it works now! :)

What about simply doing this in your PL/SQL:

INSERT INTO results(SrcProcedure) VALUES (tabela_temporare(1).text);

Internally it will use bind variables to pass your PL/SQL variable into the INSERT.

Note that it is highly advised to stay away from dynamic SQL (EXECUTE IMMEDIATE and the like), because that code will be prone to SQL injection.

[UPDATE] I don't know what more to tell. However, consider these things about using dynamically built SQL within a FOR loop with string search and replace:

  1. It will be terribly slow, because for each loop iteration, you recompile the dynamic SQL.
  2. The SQL itself will execute slower because it cannot be cached.
  3. You have the danger of SQL injection that can lead to bugs and security issues. You think you fixed it by search and replace of quotes, but I bet there might be scenarios you did not take into account.
  4. The process itself of search and replace for quotes is also terribly slow.

There are good uses of dynamic SQL, but that is just not one of them, and it is also against all possible advice to 'concatenate' parameters instead of 'binding' them.

If that text field contains actual stored PL/SQL code, the only character likely to cause problems is the single quote.

So replace each instance with two single quotes which will then get parsed as a properly escaped single quote. Of course, you have to escape the quote in the replace statement to get it to work, but try this:

execute immediate
           'insert into results(SrcProcedure) values('''
           || replace(tabela_temporare(1).text, '''', '''''')
           || ''')';
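As an added example (not code from the question or from any of the three answers above), the following PL/SQL block runs the three safe approaches discussed in this thread, static SQL, EXECUTE IMMEDIATE with a bind variable, and concatenation with doubled apostrophes, over the same source lines and checks that each stores every line unchanged; it then shows what the question's unescaped concatenation does to the same lines. It assumes the RESULTS table created in the first answer and constructs the source lines in place instead of reading them from ALL_SOURCE, so it runs in any schema that has that table; demo_proc is a made-up procedure name and the collection is called tabela_temporare only to mirror the question. ALL_SOURCE.TEXT is VARCHAR2(4000), so for real procedures the VARCHAR2(300) column from the first answer needs widening.

```plsql
-- Added example; not code from the original question or any of the answers.
-- Assumes: CREATE TABLE results (SrcProcedure VARCHAR2(300));  (first answer)
-- The source lines are constructed here rather than read from ALL_SOURCE so the
-- block runs in any schema that has that table. Nothing else is assumed beyond
-- standard Oracle PL/SQL (EXECUTE IMMEDIATE ... USING, REPLACE, SQLCODE).
DECLARE
    TYPE t_lines IS TABLE OF VARCHAR2(4000);

    -- Constructed stand-in for tabela_temporare(i).text. Line 3 contains
    -- apostrophes; line 4 is a value in which the apostrophes happen to balance.
    tabela_temporare t_lines := t_lines(
        'PROCEDURE demo_proc IS',
        'BEGIN',
        '  dbms_output.put_line(''it''''s a line with apostrophes'');',
        'x'' || user || ''y',
        'END;'
    );

    v_line   VARCHAR2(4000);
    v_stored VARCHAR2(4000);
    v_ok     PLS_INTEGER := 0;

    -- The escaping the third answer describes: every apostrophe becomes two.
    FUNCTION escaped(p IN VARCHAR2) RETURN VARCHAR2 IS
    BEGIN
        RETURN REPLACE(p, '''', '''''');
    END escaped;

    -- The question's approach: concatenate the raw text into the statement.
    -- Returns what ended up in the table, or the ORA error code if the
    -- statement failed to parse.
    FUNCTION naive_insert(p IN VARCHAR2) RETURN VARCHAR2 IS
        v VARCHAR2(4000);
    BEGIN
        DELETE FROM results;
        EXECUTE IMMEDIATE 'INSERT INTO results(SrcProcedure) VALUES (''' || p || ''')';
        SELECT SrcProcedure INTO v FROM results;
        RETURN v;
    EXCEPTION
        WHEN OTHERS THEN
            RETURN 'error ORA' || SQLCODE;
    END naive_insert;
BEGIN
    FOR i IN 1 .. tabela_temporare.COUNT LOOP
        v_line := tabela_temporare(i);

        -- 1) Static SQL (second answer): PL/SQL binds v_line itself, nothing to escape.
        DELETE FROM results;
        INSERT INTO results(SrcProcedure) VALUES (v_line);
        SELECT SrcProcedure INTO v_stored FROM results;
        IF v_stored <> v_line THEN
            RAISE_APPLICATION_ERROR(-20001, 'static insert changed line ' || i);
        END IF;

        -- 2) Dynamic SQL with a bind variable (first answer, EDIT): the statement
        --    text is constant, so the value can never be parsed as SQL.
        DELETE FROM results;
        EXECUTE IMMEDIATE 'INSERT INTO results(SrcProcedure) VALUES (:1)' USING v_line;
        SELECT SrcProcedure INTO v_stored FROM results;
        IF v_stored <> v_line THEN
            RAISE_APPLICATION_ERROR(-20002, 'bind insert changed line ' || i);
        END IF;

        -- 3) Concatenation with doubled apostrophes (third answer): correct for
        --    apostrophes, but a new statement is parsed for every line.
        DELETE FROM results;
        EXECUTE IMMEDIATE 'INSERT INTO results(SrcProcedure) VALUES ('''
                          || escaped(v_line) || ''')';
        SELECT SrcProcedure INTO v_stored FROM results;
        IF v_stored <> v_line THEN
            RAISE_APPLICATION_ERROR(-20003, 'escaped insert changed line ' || i);
        END IF;

        v_ok := v_ok + 1;
    END LOOP;
    dbms_output.put_line(v_ok || ' lines stored identically by all three safe methods');

    -- 4) The question's unescaped concatenation on the same lines. Line 3 makes the
    --    first embedded apostrophe end the literal early, so the statement fails to
    --    parse (the "missing comma" error in the question). In line 4 the apostrophes
    --    balance, so the server evaluates || user || as an expression and stores a
    --    different value than the source line: the injection the second answer warns about.
    dbms_output.put_line('naive, line 3: ' || naive_insert(tabela_temporare(3)));
    dbms_output.put_line('naive, line 4: ' || naive_insert(tabela_temporare(4)));

    ROLLBACK;   -- leave RESULTS as it was found
END;
/
```

Run it with server output enabled (SET SERVEROUTPUT ON in SQL*Plus or SQLcl). Only the third method needs any escaping at all, and it is the only one that re-parses the statement per line; the static and bind versions carry the value outside the statement text, which is why the second answer recommends them.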

The technical post webpages of this site follow the CC BY-SA 4.0 license. If you need to reprint, please indicate the site URL or the original address. For any questions please contact: yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM