如何將列名和表名作為參數傳遞給SQL存儲過程
[英]How can I pass column and table name as parameters to a SQL stored procedure
問題描述
CREATE OR REPLACE FUNCTION getIdFromNameParameter
(columnName VARCHAR2, tableName VARCHAR2, whereColumn VARCHAR2, parameterColumn VARCHAR2)
RETURN VARCHAR2
AS
idCatc VARCHAR2(50);
BEGIN
execute immediate 'SELECT ' || columnName || ' INTO ' || idCatc || ' FROM ' || tableName || ' WHERE ' || whereColumn || ' = ' || parameterColumn;
RETURN idCatc;
END;
/
我收到此警告:
警告:函數創建時出現編譯錯誤
2 個解決方案
解決方案1
3 2018-02-04 17:44:29
一方面, into是execute immediate一部分:
CREATE OR REPLACE FUNCTION getIdFromNameParameter (
in_columnName VARCHAR2,
in_tableName VARCHAR2,
in_whereColumn VARCHAR2,
in_parameterColumn VARCHAR2)
RETURN VARCHAR2
AS
idCatc VARCHAR2(50);
BEGIN
execute immediate 'SELECT ' || in_columnName || ' FROM ' || in_tableName || ' WHERE ' || in_whereColumn || ' = ' || in_parameterColumn
INTO idCatc;
RETURN idCatc;
END;
您還使用+進行字符串連接。
解決方案2
1 已采納 2018-02-04 20:47:36
如果創建這樣的函數,請使用以下類似方法確保它免受sql注入的侵害。 這使用dbms_assert清除輸入內容,以防諸如'; drop table xyz;'之類的問題。
CREATE OR REPLACE FUNCTION getidfromnameparameter (
in_columnname VARCHAR2,
in_tablename VARCHAR2,
in_wherecolumn VARCHAR2,
in_parametercolumn VARCHAR2
) RETURN VARCHAR2 AS
idcatc VARCHAR2(50);
BEGIN
EXECUTE IMMEDIATE 'SELECT '
|| sys.dbms_assert.qualified_sql_name(in_columnName)
|| ' FROM '
|| sys.dbms_assert.sql_object_name(in_tableName)
|| ' WHERE '
|| sys.dbms_assert.qualified_sql_name(in_whereColumn)
|| ' = '
|| sys.dbms_assert.enquote_literal(in_parametercolumn)
INTO idcatc;
RETURN idcatc;
END;
/
如何在SQL Server中將列名和表名作為參數傳遞給存儲過程?
[英]How to pass column name as well as Table Name to a stored procedure as a parameter in SQL Server?
我可以在存儲過程的 SQL 更新中將列名作為輸入參數傳遞嗎
[英]Can I pass column name as input parameter in SQL update in stored procedure
如何在 PL/SQL 的存儲過程中將列名作為參數傳遞?
[英]How to pass column name as parameter in a Stored Procedure in PL/SQL?
SQL LOOP將臨時表中的值作為參數傳遞給存儲過程
[英]SQL LOOP Pass values from Temp Table as parameters to stored procedure
將表名和列名動態傳遞給 PL/SQL 存儲過程
[英]Passing table name and column name dynamically to PL/SQL Stored procedure
如何將表中列的每個值傳遞到存儲過程並將結果保存到SQL-Server中的表中
[英]How to pass each value of the column from a table to a stored procedure and save the result in a table in SQL-Server
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.