在存储过程中使用动态SQL的解决方法是什么

时间:2012-09-24 15:53:15

标签: mysql sql database stored-procedures triggers

存储过程

DELIMITER $$

CREATE PROCEDURE `lms`.`leads_to_bak` ()
BEGIN
SET @table1 = (SELECT `tabler_name` FROM `sets` WHERE `on_off`=0 LIMIT 1);
SET @table2 = CONCAT(@table1, '_bak');
SET @SQL1 = CONCAT('INSERT INTO ',@table2, '(', (SELECT REPLACE(GROUP_CONCAT(COLUMN_NAME), 'lead_id,', '') FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @table2), ')', ' SELECT ', (SELECT REPLACE(GROUP_CONCAT(COLUMN_NAME), 'lead_id,', '') FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @table1), ' FROM ', @table1);
PREPARE stmt FROM @sql1;
EXECUTE stmt;
END$$

DELIMITER ;

触发器

DELIMITER $$
USE `lms`$$

CREATE TRIGGER `lms`.`after_insert_into_leads`
AFTER INSERT ON `sets` FOR EACH ROW
BEGIN
CALL lms.leads_to_bak();
END$$

DELIMITER ;

问题

在制作Error Code: 1336. Dynamic SQL is not allowed in stored function or trigger时出现INSERT错误消息,暗示将执行触发器和存储过程。我假设问题是这里的动态SQL:

PREPARE stmt FROM @sql1;
EXECUTE stmt;

我环顾四周,问题上的堆栈溢出有thread,但没有回答。有没有人对合理的解决方法有任何建议?

2 个答案:

答案 0 :(得分:8)

对于MySQL函数中缺少动态SQL没有好的解决方法,只有klunky cludges。有些事情仍然无法简化,例如在SQL查询中使用动态计算的字段名称或表名。是的,有一段时间需要做这种事情!

并且不要试图通过将动态SQL放入存储过程并包装在函数或触发器中作为欺骗,正如问题提供者所尝试的那样--MySQL过于聪明并且会给你通常的模糊错误消息。相信我,我一直在所有的房子周围。

来自Oracle PL / SQL和MS SQL Server背景,我非常怀念PL / SQL和(在很小程度上)T-SQL为编写过程SQL提供的丰富性。

答案 1 :(得分:4)

在程序定义中,您需要存储所有IN/OUT变量。

变化:

CREATE PROCEDURE `lms`.`leads_to_bak` ()

为:

CREATE PROCEDURE `lms`.`leads_to_bak` (
    IN table1 varchar(32),
    IN table2 varchar(32),
)

然后拨打电话:

CALL `lms`.`leads_to_bak`('table1', 'table2')

用你自己的字符串替换字符串。

使用存储过程的目的是使用严格类型化的数据来防止SQL注入。如果只在参数列表中发送严格类型的输入变量,则技术上不需要在存储过程中进行准备。

这样,您可以在存储过程调用之前处理字符串操作。保持你的存储过程瘦!

以下是我的一个存储过程的示例:

DELIMITER ;
DROP PROCEDURE IF EXISTS `save_player`;
DELIMITER //

CREATE PROCEDURE `save_player` (
IN uid int(15) UNSIGNED,
IN email varchar(100),
IN name varchar(100),
IN passwd char(96),
IN state ENUM('active','suspended','deleted'),
IN user_role ENUM('gamemaster','moderator','player'),
IN locale ENUM('en','fr'),
IN lvl tinyint(1),
IN hp bigint(20),
IN reborn tinyint(1),
IN cross_ref varchar(12),
IN email_verified tinyint(1),
OUT new_id  int(15) UNSIGNED
)
BEGIN
   DECLARE date_deleted timestamp DEFAULT NULL;
   IF uid > 0 AND EXISTS (SELECT id FROM user WHERE `id`= uid) THEN
      IF state = 'deleted' THEN
        SET date_deleted = CURRENT_TIMESTAMP;
      END IF ;
      UPDATE `user` SET
        `email` = email,
        `name` = name,
        `passwd` = passwd,
        `state` = state,
        `user_role` = user_role,
        `locale` = locale,
        `lvl` = lvl,
        `hp` = hp,
        `reborn` = reborn,
        `cross_ref` = cross_ref,
        `email_verified` = email_verified,
        `date_deleted` = date_deleted
      WHERE `id` = uid;
      SET new_id = uid;
   ELSE
      INSERT INTO user (`email`, `name`, `passwd`, `state`, `user_role`, `locale`, `lvl`, `hp`, `reborn`, `cross_ref`, `email_verified`, `date_created`)
             VALUES (email, name, passwd, state, user_role, locale, lvl, hp, reborn, cross_ref, email_verified, NOW());
      SELECT LAST_INSERT_ID()  INTO new_id;
   END IF;
 END //
DELIMITER ;