DROP PROCEDURE IF EXISTS test1();
DELIMITER //
CREATE PROCEDURE test1( IN contextFilter TEXT )
BEGIN
SET @query = 'SELECT profileId AS \'profile\' from sa.topology_network_element' where contextFilter;
PREPARE stmt_query FROM @query;
SELECT @query;
EXECUTE stmt_query;
DEALLOCATE PREPARE stmt_query;
END //
DELIMITER ;
我试图将我将在UI中选择的对象ID传递给此查询的输入,以代替“ contextfilter”,而我试图获取存储过程时,却遇到了一些异常,例如“您的SQL语法错误”,我无法弄清楚可能是什么错误
最佳答案
记住要小心注入代码。采取所有可能的安全措施。
DELIMITER //
DROP PROCEDURE IF EXISTS `test1`//
CREATE PROCEDURE `test1`(IN `contextFilter` TEXT)
BEGIN
SET @`query` := CONCAT('SELECT `profileId` AS `profile`
FROM `sa`.`topology_network_element` WHERE ', `contextFilter`, ';');
PREPARE `stmt_query` FROM @`query`;
EXECUTE `stmt_query`;
DEALLOCATE PREPARE `stmt_query`;
END//
DELIMITER ;
SQL Fiddle demo
关于mysql - MySQL将动态内容传递给存储过程中的SQL查询,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/27631413/