How can I insert into a record the text of a procedure stored in ALL_SOURCE.TEXT ?
This part of code gives me error: "missing comma"
execute immediate '
insert into results(SrcProcedure) values(' ''
|| tabela_temporare(1).text ||
'' ')';
I think this is due to the unescaped characters contained in the text of the stored procedure, but I can't find a way to fix it.
If you want to have the string delimiting character (apostrophe: ') inside a Varchar, you must use two consecutive apostrophes and then another one to end the string. It gives you an error because you ended the string first. Try this piece of code:
EXECUTE IMMEDIATE 'INSERT INTO results(SrcProcedure) values(''' || tabela_temporare(1).text || ''')';
EDIT: Better use Bind Variables, see my sample Code:
CREATE TABLE RESULTS (SRCPROCEDURE VARCHAR2 (300));
DECLARE
v_SQL VARCHAR2(4000) := 'INSERT INTO results(SrcProcedure) VALUES(:1)';
BEGIN
EXECUTE IMMEDIATE v_SQL USING 'something2';
END;
I hope it works now! :)
What about simply doing this in your PL/SQL:
INSERT INTO results(SrcProcedure) VALUES (tabela_temporare(1).text);
Internally it will use bind variables to pass your PL/SQL variable into the INSERT.
Note that it is highly advised to stay away from dynamic SQL ( EXECUTE IMMEDIATE
and the likes), because that code will be prone to SQL injection .
[UPDATE] I don't know what more to tell. However consider these things for using a dynamically built SQL within a FOR
loop using string search and replace:
There are good uses of dynamic SQL, but that is just not one of them, and it is also against all possible advice to 'concatenate' parameters vs 'binding' them.
If that text field contains actual stored pl/sql code, the only character likely to cause problems is the single quote.
So replace each instance with two single quotes which will then get parsed as a properly escaped single quote. Of course, you have to escape the quote in the replace statement to get it to work, but try this:
execute immediate '
insert into results(SrcProcedure) values(' ''
|| replace(tabela_temporare(1).text,'''','''''') ||
'' ')';
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.