我正在尝试在Oracle数据库中搜索值中包含%20或%2F的任何字符串。我正在寻找的值来自一个未正确编码的网站,并导致HTML URL编码被放置在值字符串中。
我一直在使用以下脚本在数据库中查找数据,但发现我不能为%符号包含转义子句。
SET SERVEROUTPUT ON SIZE 100000
DECLARE
match_count INTEGER;
-- Type the owner of the tables you are looking at
v_owner VARCHAR2(255) :='OWNER';
-- Type the data type you are look at (in CAPITAL)
-- VARCHAR2, NUMBER, etc.
v_data_type VARCHAR2(255) :='VARCHAR2';
-- Type the string you are looking at
v_search_string VARCHAR2(4000) :='%\%2F%' ESCAPE '\';
--'-- Added to fix syntax highlighting on SO
BEGIN
FOR t IN (SELECT table_name, column_name FROM all_tab_cols where owner=v_owner and data_type = v_data_type AND table_name LIKE '%') LOOP
EXECUTE IMMEDIATE
'SELECT COUNT(*) FROM '||t.table_name||' WHERE '||t.column_name||' LIKE :1'
INTO match_count
USING v_search_string;
IF match_count > 0 THEN
dbms_output.put_line( t.table_name ||' '||t.column_name||' '||match_count );
END IF;
END LOOP;
END;
答案 0 :(得分:1)
您应该将转义添加到查询而不是变量。
查看Escaping special characters in SQL
SELECT * FROM table WHERE column like '%\%20%' ESCAPE '\'
逃脱中的角色是逃离%的角色。 查看oracle文档http://docs.oracle.com/cd/B12037_01/server.101/b10759/conditions016.htm
答案 1 :(得分:0)
而不是
EXECUTE IMMEDIATE
'SELECT COUNT(*) FROM '||t.table_name||' WHERE '||t.column_name||' LIKE :1'
INTO match_count
USING v_search_string;
尝试使用
EXECUTE IMMEDIATE
'SELECT COUNT(*) FROM '||t.table_name||' WHERE '||t.column_name||' LIKE ''' || v_search_string || ''''
INTO match_count;