      Binding Parameters to Oracle Dynamic SQL

      Date: 2024-04-15

                Problem description

                I have a stored procedure that accepts multiple parameters (i.e. pName, pHeight, pTeam)

                I have the query built up like this:

                SQLQuery VARCHAR2(6000);
                TestCursor T_CURSOR;
                
                SQLQuery := 'SELECT ID, Name, Height, Team FROM MyTable WHERE ID IS NOT NULL ';
                
                
                -- Build the query based on the parameters passed.
                IF pName IS NOT NULL THEN
                  SQLQuery := SQLQuery || 'AND Name LIKE :pName ';
                END IF;
                
                IF pHeight > 0 THEN
                  SQLQuery := SQLQuery || 'AND Height = :pHeight ';
                END IF;
                
                IF pTeam IS NOT NULL THEN
                  SQLQuery := SQLQuery || 'AND Team LIKE :pTeam ';
                END IF;
                
                
                OPEN TestCursor FOR SQLQuery USING pName, pHeight, pTeam;
                

                If I execute the procedure passing all parameters, it runs properly.

                But if I only pass one or two of the parameters, then the procedure errors out:

                ORA-01006: bind variable does not exist
                

                How do I selectively bind the variable with the parameters based on where the parameter value was used? For example, if only pName was passed, then I would only execute the query:

                OPEN TestCursor FOR SQLQuery USING pName;
                

                Or if both pName and pTeam were passed, then:

                OPEN TestCursor FOR SQLQuery USING pName, pTeam;
                

                Hope someone can shed more ways to resolve this. Thanks.

                I could actually use the following:

                -- Build the query based on the parameters passed.
                -- Values are concatenated straight into the statement text.
                IF pName IS NOT NULL THEN
                  SQLQuery := SQLQuery || 'AND Name LIKE ''' || pName || ''' ';
                END IF;
                
                IF pHeight > 0 THEN
                  SQLQuery := SQLQuery || 'AND Height = ' || pHeight || ' ';
                END IF;
                
                IF pTeam IS NOT NULL THEN
                  SQLQuery := SQLQuery || 'AND Team LIKE ''' || pTeam || ''' ';
                END IF;
                
                
                OPEN TestCursor FOR SQLQuery;
                

                But this would be VERY vulnerable to SQL Injection...

                Recommended answer

                This is not hugely elegant but it would mean that you could always supply all three bind variables even if some of them are null. You only add the extra WHERE clauses if needed.

                (I've tried to format the dynamic SQL to make it more readable, you could just supply it as one long string).

                FUNCTION myFunc (
                   pName   IN VARCHAR2,
                   pHeight IN VARCHAR2,
                   pTeam   IN VARCHAR2
                )
                   RETURN T_CURSOR
                IS
                   -- Local Variables
                   SQLQuery   VARCHAR2(6000);
                   TestCursor T_CURSOR;
                BEGIN
                   -- Build SQL query
                   SQLQuery := 'WITH t_binds '||
                                ' AS (SELECT :v_name AS bv_name, '||
                                           ' :v_height AS bv_height, '||
                                           ' :v_team AS bv_team '||
                                      ' FROM dual) '||
                               ' SELECT id, '||
                                      ' name, '||
                                      ' height, '||
                                      ' team '||
                                 ' FROM MyTable, '||
                                      ' t_binds '||
                                ' WHERE id IS NOT NULL';
                
                   -- Build the query WHERE clause based on the parameters passed.
                   IF pName IS NOT NULL
                   THEN
                     SQLQuery := SQLQuery || ' AND Name LIKE bv_name ';
                   END IF;
                
                   IF pHeight > 0
                   THEN
                     SQLQuery := SQLQuery || ' AND Height = bv_height ';
                   END IF;
                
                   IF pTeam IS NOT NULL
                   THEN
                     SQLQuery := SQLQuery || ' AND Team LIKE bv_team ';
                   END IF;
                
                   OPEN TestCursor 
                    FOR SQLQuery 
                  USING pName, 
                        pHeight, 
                        pTeam;
                
                   -- Return the cursor
                   RETURN TestCursor;
                END myFunc;
                

                I'm not in front of a workstation with DB access so I can't test the function but it should be close (please forgive any syntax errors, it's been a long day!)

                Hope this helps...
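
An alternative to the fixed three-bind query in the answer above, as an added example that is not part of the original post: DBMS_SQL binds each placeholder by name, so only the placeholders whose clause was appended get bound and the values never enter the SQL text. It assumes Oracle 11g or later (for DBMS_SQL.TO_REFCURSOR), a NUMBER pHeight, and the hypothetical function name find_players.

```sql
-- Added example, not from the original post. find_players is a hypothetical name;
-- MyTable and the parameters follow the question. Needs Oracle 11g+ (TO_REFCURSOR).
CREATE OR REPLACE FUNCTION find_players (
   pName   IN VARCHAR2,
   pHeight IN NUMBER,      -- assumption: numeric height
   pTeam   IN VARCHAR2
) RETURN SYS_REFCURSOR
IS
   SQLQuery VARCHAR2(6000);
   c        INTEGER;       -- DBMS_SQL cursor handle
   ignored  INTEGER;       -- EXECUTE return value is undefined for SELECT
BEGIN
   SQLQuery := 'SELECT ID, Name, Height, Team FROM MyTable WHERE ID IS NOT NULL ';
   -- Only placeholders are appended; caller-supplied values stay out of the text.
   IF pName IS NOT NULL THEN
      SQLQuery := SQLQuery || 'AND Name LIKE :pName ';
   END IF;
   IF pHeight > 0 THEN
      SQLQuery := SQLQuery || 'AND Height = :pHeight ';
   END IF;
   IF pTeam IS NOT NULL THEN
      SQLQuery := SQLQuery || 'AND Team LIKE :pTeam ';
   END IF;

   c := DBMS_SQL.OPEN_CURSOR;
   DBMS_SQL.PARSE(c, SQLQuery, DBMS_SQL.NATIVE);
   -- Bind by name, under the same conditions that added each placeholder,
   -- so the binds always match the statement (no ORA-01006).
   IF pName IS NOT NULL THEN
      DBMS_SQL.BIND_VARIABLE(c, ':pName', pName);
   END IF;
   IF pHeight > 0 THEN
      DBMS_SQL.BIND_VARIABLE(c, ':pHeight', pHeight);
   END IF;
   IF pTeam IS NOT NULL THEN
      DBMS_SQL.BIND_VARIABLE(c, ':pTeam', pTeam);
   END IF;

   ignored := DBMS_SQL.EXECUTE(c);
   -- Hand the executed cursor to the caller as a REF CURSOR.
   RETURN DBMS_SQL.TO_REFCURSOR(c);
EXCEPTION
   WHEN OTHERS THEN
      -- Do not leak the DBMS_SQL cursor if parse, bind or execute fails.
      IF c IS NOT NULL AND DBMS_SQL.IS_OPEN(c) THEN
         DBMS_SQL.CLOSE_CURSOR(c);
      END IF;
      RAISE;
END find_players;
/
```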
