寻找一个将 SQL 语句转换为动态 SQL 语句的实用程序
我正在寻找一个实用程序,可以将 Oracle SQL 转换为可以动态执行的字符串。
编辑:
是的,考虑这个简单的 SQL
SELECT * FROM TABLE
WHERE COLUMN_NAME = 'VALUE'
我有一个用于 T-SQL 的实用程序,它将上述 SQL 转换为同步 SQL,如下所示:
BEGIN
DECLARE @Exe_String VarChar(2000)
DECLARE @Qt Char(1)
DECLARE @Cr Char(1)
SET @Qt = Char(39)
SET @Cr = Char(10)
SET @Exe_String = 'SELECT * FROM TABLE ' + @Cr
SET @Exe_String = @Exe_String + 'WHERE COLUMN_NAME = ' + @Qt + 'VALUE' + @Qt + '' + @Cr
PRINT @Exe_String
--Execute (@Exe_String)
END
当然,生成的代码可能会更好,我希望你明白这个想法。
我正在为 Oracle SQL 寻找相同类型的转换。
I am looking for a utility that will convert Oracle SQL to a string that can executed dynamically.
Edit:
Yes, consider this simple SQL
SELECT * FROM TABLE
WHERE COLUMN_NAME = 'VALUE'
I have a utility which for T-SQL which converts the above SQL to a synamic SQL as follows:
BEGIN
DECLARE @Exe_String VarChar(2000)
DECLARE @Qt Char(1)
DECLARE @Cr Char(1)
SET @Qt = Char(39)
SET @Cr = Char(10)
SET @Exe_String = 'SELECT * FROM TABLE ' + @Cr
SET @Exe_String = @Exe_String + 'WHERE COLUMN_NAME = ' + @Qt + 'VALUE' + @Qt + '' + @Cr
PRINT @Exe_String
--Execute (@Exe_String)
END
Granted that the code generated good probably be better, yo get the idea, I hope.
I'm looking for the same type of conversion for Oracle SQL.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这是我使用过几次的工具。您必须稍微更改输出才能使其运行,但它肯定胜过必须弄清楚如何转义所有单个滴答声。
Sql Tuning
单击链接后,它将带您直接访问该站点和包含示例 SQL 的页面。单击“静态 SQL 到动态 SQL”按钮,您可以看到它是如何工作的。然后输入您自己要转换的sql,然后再次单击按钮。删除每行末尾和开头的额外勾号 (')(第一行和最后一行除外),管道 (|) 也不需要存在。希望这有帮助。
Here is a tool that I have used a couple of times. You will have to change the output a little to get it to run but it sure beats having to figure out how to escape all the single ticks.
Sql Tuning
After you click on the link it will take you right to the site and a page with sample SQL. Click the "Static SQL to Dynamic SQL" button and you can see how it works. Then input your own sql you want converted and click the button again. Remove the extra tick (') marks in the end and beginning of each line with the exception of the first and last line and pipes (|) don't need to be there either. Hope this helps.
作为 T-SQL 到 PL/SQL 的原始翻译
明显的区别是,在 Oracle 中,字符串的连接运算符是 ||而不是+。
就我个人而言,我有一个小的字符串操作包(我们称之为 pstring),我会在这样的情况下使用它 - 包括 enquote(string) 等函数、换行符、制表符等的标准常量以及执行 C 风格的能力文本替换。
您是否考虑过使用绑定变量 - 即 :value - 而不是处理转义所有内部引号?它可以很好地防御 SQL 注入。
显然,如果您有不同数量的变量(您需要使用 DBMS_SQL 将它们链接到语句而不是简单的 EXECUTE IMMEDIATE),那么会有一些困难,但对于您的简单情况,它看起来像这样。
当然,您必须对 SQL 的结果做一些事情。
当表的形状可能不同时,这很困难 - 再次,您必须查看类型 4 动态 SQL (DBMS_SQL)。
As a raw translation of your T-SQL to PL/SQL
The obvious difference is that in Oracle the concatenation operator for strings is || rather than +.
Personally, I have a little string manipluation package (let's call it pstring) that I'd use in a case like this - includes functions like enquote(string), standard constants for newline,tab,etc and the ability to do C-style text replacement.
Have you considered using bind variables - i.e. :value - rather than dealing with escaping all the internal quotes? It's a good defence against SQL injection.
Obviously there's some difficulty if you have varying numbers of variables (you need to use DBMS_SQL to link them to the statement rather than a simple EXECUTE IMMEDIATE) but for your simple case it would look like this.
Although of course you have to do something with the results of your SQL.
Which is difficult when the shape of the table may differ - again, you have to look at Type 4 dynamic SQL (DBMS_SQL).