如何将列名和表名作为参数传递给SQL存储过程
[英]How can I pass column and table name as parameters to a SQL stored procedure
问题描述
CREATE OR REPLACE FUNCTION getIdFromNameParameter
(columnName VARCHAR2, tableName VARCHAR2, whereColumn VARCHAR2, parameterColumn VARCHAR2)
RETURN VARCHAR2
AS
idCatc VARCHAR2(50);
BEGIN
execute immediate 'SELECT ' || columnName || ' INTO ' || idCatc || ' FROM ' || tableName || ' WHERE ' || whereColumn || ' = ' || parameterColumn;
RETURN idCatc;
END;
/
我收到此警告:
警告:函数创建时出现编译错误
2 个解决方案
解决方案1
3 2018-02-04 17:44:29
一方面, into是execute immediate一部分:
CREATE OR REPLACE FUNCTION getIdFromNameParameter (
in_columnName VARCHAR2,
in_tableName VARCHAR2,
in_whereColumn VARCHAR2,
in_parameterColumn VARCHAR2)
RETURN VARCHAR2
AS
idCatc VARCHAR2(50);
BEGIN
execute immediate 'SELECT ' || in_columnName || ' FROM ' || in_tableName || ' WHERE ' || in_whereColumn || ' = ' || in_parameterColumn
INTO idCatc;
RETURN idCatc;
END;
您还使用+进行字符串连接。
解决方案2
1 已采纳 2018-02-04 20:47:36
如果创建这样的函数,请使用以下类似方法确保它免受sql注入的侵害。 这使用dbms_assert清除输入内容,以防诸如'; drop table xyz;'之类的问题。
CREATE OR REPLACE FUNCTION getidfromnameparameter (
in_columnname VARCHAR2,
in_tablename VARCHAR2,
in_wherecolumn VARCHAR2,
in_parametercolumn VARCHAR2
) RETURN VARCHAR2 AS
idcatc VARCHAR2(50);
BEGIN
EXECUTE IMMEDIATE 'SELECT '
|| sys.dbms_assert.qualified_sql_name(in_columnName)
|| ' FROM '
|| sys.dbms_assert.sql_object_name(in_tableName)
|| ' WHERE '
|| sys.dbms_assert.qualified_sql_name(in_whereColumn)
|| ' = '
|| sys.dbms_assert.enquote_literal(in_parametercolumn)
INTO idcatc;
RETURN idcatc;
END;
/
如何在SQL Server中将列名和表名作为参数传递给存储过程?
[英]How to pass column name as well as Table Name to a stored procedure as a parameter in SQL Server?
我可以在存储过程的 SQL 更新中将列名作为输入参数传递吗
[英]Can I pass column name as input parameter in SQL update in stored procedure
如何在 PL/SQL 的存储过程中将列名作为参数传递?
[英]How to pass column name as parameter in a Stored Procedure in PL/SQL?
SQL LOOP将临时表中的值作为参数传递给存储过程
[英]SQL LOOP Pass values from Temp Table as parameters to stored procedure
将表名和列名动态传递给 PL/SQL 存储过程
[英]Passing table name and column name dynamically to PL/SQL Stored procedure
如何将表中列的每个值传递到存储过程并将结果保存到SQL-Server中的表中
[英]How to pass each value of the column from a table to a stored procedure and save the result in a table in SQL-Server
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.