我需要帮助来查看以下查询, 我的表格如下:
CREATE TABLE "MasterDivision"
(
"DivisionID" bigserial NOT NULL,
"DivisionName_EN" character varying(70) NOT NULL,
"DivisionName_HI" character varying(70) NOT NULL,
"DivisionCode" character varying(70) NOT NULL,
"StateID" bigint NOT NULL,
"CreatedBy" bigint NOT NULL,
"UpdatedBy" bigint NOT NULL,
"CreatedIP" character varying(50) NOT NULL,
"UpdatedIP" character varying(70) NOT NULL,
"IsActive" boolean NOT NULL,
"CreationDate" date NOT NULL,
"UpdationDate" date NOT NULL,
CONSTRAINT "PK_MasterDivision_DivisionID" PRIMARY KEY ("DivisionID")
)
WITH (
OIDS=FALSE
);
ALTER TABLE "MasterDivision"
OWNER TO postgres;
GRANT ALL ON TABLE "MasterDivision" TO public;
GRANT ALL ON TABLE "MasterDivision" TO postgres;
我创建了以下自定义类型:
create type type_selectmasterdivisionwithpagging
as
(
row bigint,
DivisionID bigint,
DivisionName_EN character varying(70),
DivisionName_HI character varying(70),
DivisionCode character varying(70),
StateID bigint,
StateName_EN character varying(70),
StateName_HI character varying(70)
);
以及以下功能......
CREATE OR REPLACE FUNCTION selectmasterdivisionwithpagging("PageNumber" integer, "PageSize" integer, "WhereClause" text, "OrderByClause" text)
RETURNS SETOF type_selectmasterdivisionwithpagging AS
$BODY$declare
_SQL text;
Begin
IF $1 <> -1 and $2 <> -1 then
_SQL:='Select * ' ||
'from ' ||
'( ' ||
'SELECT ROW_NUMBER() OVER ('|| $4 ||' ) AS Row' ||
',MD."DivisionID" ' ||
',MD."DivisionName_EN" '||
',MD."DivisionName_HI" '||
',MD."DivisionCode" '||
',MD."StateID" '||
',MS."StateName_EN" '||
',MS."StateName_HI" '||
'from "MasterDivision" as MD ' ||
'left join "MasterState" as MS ' ||
'on MD."StateID"=MS."StateID" ' ||
$3 ||
' ) as t' ||
' where 1=1 and t.Row between ' || ((($1-1)*$2)+1)||' and ' || ($1*$2) ;
RETURN query execute _SQL;
else
RETURN query execute 'SELECT ROW_NUMBER() OVER ('|| $4 ||' ) AS Row' ||
',MD."DivisionID" ' ||
',MD."DivisionName_EN" '||
',MD."DivisionName_HI" '||
',MD."DivisionCode" '||
',MD."StateID" '||
',MS."StateName_EN" '||
',MS."StateName_HI" '||
'from "MasterDivision" as MD ' ||
'left join "MasterState" as MS ' ||
'on MD."StateID"=MS."StateID" ';
end IF;
end;$BODY$
LANGUAGE plpgsql IMMUTABLE
COST 100
ROWS 1000;
ALTER FUNCTION selectmasterdivisionwithpagging(integer, integer, text, text)
OWNER TO postgres;
所有上述查询都可以正常执行,但是当我使用select selectmasterdivisionwithpagging(1,2,' where 1=1 ','Order by MS."StateName_EN"')
时,它会出错:
ERROR: structure of query does not match function result type
DETAIL: Returned type character varying(70)[] does not match expected type character varying(70) in column 7.
如果需要更多信息,请与我们联系。 谢谢大家
答案 0 :(得分:3)
如果您不需要,请停止使用EXECUTE
。如果您这样做,请使用参数化表单。您当前的函数容易受到各种函数内sql注入的攻击。</ p>
停止编写依赖 SQL注入漏洞的函数。如果我放入你的where '1=1; DELETE FROM "MasterDivision"; --'
条款,那么你会得到一个非常令人讨厌的惊喜。
您的错误意味着"MasterState"."StateName_EN"
不是您认为的类型。检查那里。在我看来,您可能将其作为varchar(70)[]而不是varchar字段。