我有一个matlab变量:
Name Size Bytes Class
code 14x1 1036 cell
我想将变量传递给oracle中的查询
sqlstr = ['select * from sqltable where code in' (code)]
但是我收到了这个错误:
??? Error using ==> horzcat
CAT arguments dimensions are not consistent.
你能帮我吗?
答案 0 :(得分:0)
您无法将单元格数组与字符串连接起来,因此您需要将字符串的单元格数组实际转换为查询的值列表
code = {'one', 'two', 'three'};
array = ['(''', strjoin(code, ''','''), ''')'];
% ('one','two','three')
sqlstr = ['select * from sqltable where code in ' array];
% select * from sqltable where code in ('one','two','three')
如果用户提交的话,请务必小心code包含的内容,因为精心设计的值可能会导致SQL注入。
code = {'one''); DROP TABLE users; select * from table where column in (''one'}
<强>更新
如果您没有strjoin,则可以执行以下操作:
array = sprintf('''%s'', ', code{:});
array = ['(', array(1:end-2), ')'];
sqlstr = ['select * from sqltable where code in ' array];