如何使用动态SQL语句将值选择为变量以在Mariadb中进行分配?
我正在尝试使用动态SQL语句检索值并将其分配给存储过程中的变量。
问题是,在执行动态语句时,它无法访问过程范围中声明的变量。
这是代码的片段(在一个过程中),以澄清:
DECLARE v_amount_of_samples_that_require_revision INTEGER;
SET query = CONCAT('SELECT count(sample_id) INTO v_amount_of_samples_that_require_revision
FROM ', v_table_name,
'WHERE state = REQUIRES_REVISION_STATE
AND form_id = ', p_form_id);
PREPARE stmt FROM query;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
我当然遇到的错误是:
sql错误[1327] [42000]:(conn:7575)undeclared变量:v_amount_of_samples_that_require_revision
是否有解决方法?
I'm trying to use a dynamic SQL statement to retrieve a value and assign it to a variable, in a stored procedure.
The problem is, when executing the dynamic statement, it can't access the variable declared in the procedure scope.
Here is a fragment of the code (inside a procedure), for clarification:
DECLARE v_amount_of_samples_that_require_revision INTEGER;
SET query = CONCAT('SELECT count(sample_id) INTO v_amount_of_samples_that_require_revision
FROM ', v_table_name,
'WHERE state = REQUIRES_REVISION_STATE
AND form_id = ', p_form_id);
PREPARE stmt FROM query;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
The error I get, of course, is:
SQL Error [1327] [42000]: (conn:7575) Undeclared variable: v_amount_of_samples_that_require_revision
Is there a workaround?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
代替定期变量,使用用户扣除会话变量
仍然可以用于SQL注入,
当您在Where dor Mause使用已准备好的语句中使用变量时,应针对白名单进行测试
instead of regularly variables use user defned session variables
still v_table_name could be used for sql injection and should be tested against a whitelist
When you use variables in the where lause use prepared statements