1. 首頁
  2. 問答
  3. 綁定參數到Oracle動態SQL

綁定參數到Oracle動態SQL

2012-06-12 77 views
6

我已經接受多個參數(即PNAME,pHeight,pTeam)存儲過程綁定參數到Oracle動態SQL

我已經建立了這樣的查詢:

SQLQuery VARCHAR2(6000); 
TestCursor T_CURSOR; 

SQLQuery := 'SELECT ID, Name, Height, Team FROM MyTable WHERE ID IS NOT NULL '; 


-- Build the query based on the parameters passed. 
IF pName IS NOT NULL 
    SQLQuery := SQLQuery || 'AND Name LIKE :pName '; 
END IF; 

IF pHeight IS > 0 
    SQLQuery := SQLQuery || 'AND Height = :pHeight '; 
END IF; 

IF pTeam IS NOT NULL 
    SQLQuery := SQLQuery || 'AND Team LIKE :pTeam '; 
END IF; 


OPEN TestCursor FOR SQLQuery USING pName, pHeight, pTeam;

如果我執行程序通過所有參數,它運行正常。

但是,如果我只是通過一個或兩個參數,那麼程序出現了錯誤:

ORA-01006: bind variable does not exist

如何選擇基於使用的參數值,其中的參數變量綁定?例如,如果只PNAME獲得通過,那麼我只會執行查詢:

OPEN TestCursor FOR SQLQuery USING pName;

或者,如果PNAME和pTeam都獲得通過,則:

OPEN TestCursor FOR SQLQuery USING pName, pTeam;

希望有人能夠擺脫更多的途徑來解決這個。謝謝。

編輯: 我其實可以使用以下方法:

- 構建基於傳遞的參數查詢。 IF pName IS NOT NULL SQLQuery:= SQLQuery || 'AND LIKE''''|| pName || ''''; END IF;

IF pHeight IS > 0 
    SQLQuery := SQLQuery || 'AND Height = pHeight '; 
END IF; 

IF pTeam IS NOT NULL 
    SQLQuery := SQLQuery || 'AND Team LIKE ''' || pTeam || ''' '; 
END IF; 


OPEN TestCursor FOR SQLQuery;

但是,這將是非常容易受到SQL注入......

來源

2012-06-12 Batuta

回答

6

這不是巨大的優雅,但它意味着你總是可以提供全部三種綁定變量,即使他們中的一些是空的。如果需要,您只需添加額外的WHERE子句。

(我試圖格式化動態SQL以使其更具可讀性,您可以將它作爲一個長字符串提供)。

FUNCTION myFunc (
    pName IN VARCHAR2, 
    pHeight IN VARCHAR2, 
    pTeam IN VARCHAR2 
) 
    RETURN T_CURSOR 
IS 
    -- Local Variables 
    SQLQuery VARCHAR2(6000); 
    TestCursor T_CURSOR; 
BEGIN 
    -- Build SQL query 
    SQLQuery := 'WITH t_binds '|| 
       ' AS (SELECT :v_name AS bv_name, '|| 
          ' :v_height AS bv_height, '|| 
          ' :v_team AS bv_team '|| 
         ' FROM dual) '|| 
       ' SELECT id, '|| 
         ' name, '|| 
         ' height, '|| 
         ' team '|| 
       ' FROM MyTable, '|| 
         ' t_binds '|| 
       ' WHERE id IS NOT NULL'; 

    -- Build the query WHERE clause based on the parameters passed. 
    IF pName IS NOT NULL 
    THEN 
    SQLQuery := SQLQuery || ' AND Name LIKE bv_name '; 
    END IF; 

    IF pHeight > 0 
    THEN 
    SQLQuery := SQLQuery || ' AND Height = bv_height '; 
    END IF; 

    IF pTeam IS NOT NULL 
    THEN 
    SQLQuery := SQLQuery || ' AND Team LIKE bv_team '; 
    END IF; 

    OPEN TestCursor 
    FOR SQLQuery 
    USING pName, 
     pHeight, 
     pTeam; 

    -- Return the cursor 
    RETURN TestCursor; 
END myFunc;

我沒有與DB訪問工作站的前面,所以我無法測試的功能,但它應該是接近(請原諒任何語法錯誤,這是一個漫長的一天!)

希望它有幫助...

來源

2012-06-12 20:05:19 Ollie

+0

t_binds聲明在哪裏?或者我需要在某個地方宣佈它? – Batuta

+0

它是在SQL語句中的WITH子句中聲明的,它是一個保存綁定變量的虛擬表。看到這裏:http://www.orafaq.com/node/1879 – Ollie

+0

試過這個,但仍然說ORA-01008:並非所有變量綁定 – Batuta

7

您可以使用DBMS_SQL包。這提供了運行動態SQL的另一種方式。使用起來可能更麻煩一些,但它可以更靈活,尤其是對於不同數量的綁定參數。

這裏是你如何使用它(警告:我沒有測試過這一點):

FUNCTION player_search (
    pName  IN VARCHAR2, 
    pHeight  IN NUMBER, 
    pTeam  IN VARCHAR2 
) RETURN SYS_REFCURSOR 
IS 
    cursor_name INTEGER; 
    ignore  INTEGER; 
    id_var  MyTable.ID%TYPE; 
    name_var  MyTable.Name%TYPE; 
    height_var MyTable.Height%TYPE; 
    team_var  MyTable.Team%TYPE; 
BEGIN 
    -- Put together SQLQuery here... 

    -- Open the cursor and parse the query   
    cursor_name := DBMS_SQL.OPEN_CURSOR; 
    DBMS_SQL.PARSE(cursor_name, SQLQuery, DBMS_SQL.NATIVE); 

    -- Define the columns that the query returns. 
    -- (The last number for columns 2 and 4 is the size of the 
    -- VARCHAR2 columns. Feel free to change them.) 
    DBMS_SQL.DEFINE_COLUMN(cursor_name, 1, id_var); 
    DBMS_SQL.DEFINE_COLUMN(cursor_name, 2, name_var, 30); 
    DBMS_SQL.DEFINE_COLUMN(cursor_name, 3, height_var); 
    DBMS_SQL.DEFINE_COLUMN(cursor_name, 4, team_var, 30); 

    -- Add bind variables depending on whether they were added to 
    -- the query. 
    IF pName IS NOT NULL THEN 
    DBMS_SQL.BIND_VARIABLE(cursor_name, ':pName', pName); 
    END IF; 

    IF pHeight > 0 THEN 
    DBMS_SQL.BIND_VARIABLE(cursor_name, ':pHeight', pHeight); 
    END IF; 

    IF pTeam IS NOT NULL THEN 
    DBMS_SQL.BIND_VARIABLE(cursor_name, ':pTeam', pTeam); 
    END IF; 

    -- Run the query. 
    -- (The return value of DBMS_SQL.EXECUTE for SELECT queries is undefined, 
    -- so we must ignore it.) 
    ignore := DBMS_SQL.EXECUTE(cursor_name); 

    -- Convert the DBMS_SQL cursor into a PL/SQL REF CURSOR. 
    RETURN DBMS_SQL.TO_REFCURSOR(cursor_name); 

EXCEPTION 
    WHEN OTHERS THEN 
    -- Ensure that the cursor is closed. 
    IF DBMS_SQL.IS_OPEN(cursor_name) THEN 
     DBMS_SQL.CLOSE_CURSOR(cursor_name); 
    END IF; 
    RAISE; 
END;

(注:DBMS_SQL.TO_REFCURSOR在Oracle 11g中是新的)

來源

2012-06-12 20:52:43

+0

+1,我喜歡使用DBMS_SQL,因爲它更「支持」,但比我建議的方法更有意思。像'%'這樣的 – Ollie

0

如何

SQLQuery := 'SELECT ID, Name, Height, Team FROM MyTable WHERE ID IS NOT NULL '; 

SQLQuery := SQLQuery || 'AND Name LIKE :pName '; 
SQLQuery := SQLQuery || 'AND Team LIKE :pTeam '; 
SQLQuery := SQLQuery || 'AND (Height = :pHeight OR :pHeight = 0)'; 

OPEN TestCursor FOR SQLQuery USING nvl(pName, '%'), nvl(pTeam, '%'), nvl(pHeight, 0), nvl(pHeight, 0);

來源

2012-06-13 10:57:59 archimede

+0

不會影響null。所以如果其中一些字段爲空,你會得到錯誤的 –

1

我使用的方法是在動態SQL中包含一個ELSE情況,說明IF的反向。您的代碼測試pName不爲空,因此我會爲生成的查詢測試pName IS Null添加一個子句。這樣,您可以每次傳遞相同的參數而不影響查詢結果。

SQLQuery VARCHAR2(6000); 
TestCursor T_CURSOR; 

SQLQuery := 'SELECT ID, Name, Height, Team FROM MyTable WHERE ID IS NOT NULL '; 


-- Build the query based on the parameters passed. 
IF pName IS NOT NULL 
    SQLQuery := SQLQuery || 'AND Name LIKE :pName '; 
ELSE 
    SQLQuery := SQLQuery || 'AND :pName IS NULL'; 
END IF; 

IF pHeight IS > 0 
    SQLQuery := SQLQuery || 'AND Height = :pHeight '; 
ELSE 
    SQLQuery := SQLQuery || 'AND :pHeight <=0 '; 
END IF; 

IF pTeam IS NOT NULL 
    SQLQuery := SQLQuery || 'AND Team LIKE :pTeam '; 
ELSE 
    SQLQuery := SQLQuery || 'AND :pTeam IS NULL'; 
END IF; 


OPEN TestCursor FOR SQLQuery USING pName, pHeight, pTeam;

來源

2014-05-23 10:13:13 Donogst

相關問題

 相關問題