在Oracle数据库中搜索带转义的字符串

时间:2014-01-30 21:58:52

标签: sql oracle

我正在尝试在Oracle数据库中搜索值中包含%20%2F的任何字符串。我正在寻找的值来自一个未正确编码的网站,并导致HTML URL编码被放置在值字符串中。

我一直在使用以下脚本在数据库中查找数据,但发现我不能为%符号包含转义子句。

SET SERVEROUTPUT ON SIZE 100000

DECLARE
  match_count INTEGER;
-- Type the owner of the tables you are looking at
  v_owner VARCHAR2(255) :='OWNER';

-- Type the data type you are look at (in CAPITAL)
-- VARCHAR2, NUMBER, etc.
  v_data_type VARCHAR2(255) :='VARCHAR2';

-- Type the string you are looking at
  v_search_string VARCHAR2(4000) :='%\%2F%' ESCAPE '\';

--'-- Added to fix syntax highlighting on SO

BEGIN
  FOR t IN (SELECT table_name, column_name FROM all_tab_cols where owner=v_owner and data_type = v_data_type AND table_name LIKE '%') LOOP

    EXECUTE IMMEDIATE 
    'SELECT COUNT(*) FROM '||t.table_name||' WHERE '||t.column_name||' LIKE :1'
    INTO match_count
    USING v_search_string;

    IF match_count > 0 THEN
      dbms_output.put_line( t.table_name ||' '||t.column_name||' '||match_count );
    END IF;

  END LOOP;
END;

2 个答案:

答案 0 :(得分:1)

您应该将转义添加到查询而不是变量。

查看Escaping special characters in SQL

SELECT * FROM table WHERE column like '%\%20%' ESCAPE '\'

逃脱中的角色是逃离%的角色。 查看oracle文档http://docs.oracle.com/cd/B12037_01/server.101/b10759/conditions016.htm

答案 1 :(得分:0)

而不是

EXECUTE IMMEDIATE 
'SELECT COUNT(*) FROM '||t.table_name||' WHERE '||t.column_name||' LIKE :1'
INTO match_count
USING v_search_string;

尝试使用

EXECUTE IMMEDIATE 
'SELECT COUNT(*) FROM '||t.table_name||' WHERE '||t.column_name||' LIKE ''' || v_search_string || ''''
INTO match_count;