我正在使用MySQL(实际上是来自PHPMyAdmin的MariaDB),并试图在存储过程中写入插入,出于明显的(安全性)原因,不允许这样做。
我尝试使用GRANT EXECUTE ON PROCEDURE语句更改权限。
GRANT EXECUTE ON PROCEDURE test.putDataInFull TO 'root'@'localhost'
我真的在这里碰壁了,有什么主意吗?
编辑:
DELIMITER //
CREATE PROCEDURE putDataInFull (IN matchid INT(11))
BEGIN
DECLARE koula int(11);
DECLARE c varchar(255);
SET @koula = matchid;
SET @c := concat('insert into log (match_id, comment) values (?,\'inPUtDataWeTrtust\');');
DECLARE EXIT HANDLER FOR SQLEXCEPTION
BEGIN
SELECT CONCAT(@c, ' is not valid');
END;
PREPARE stmt FROM @c;
EXECUTE stmt USING @koula;
DEALLOCATE PREPARE stmt;
END //
DELIMITER ;
p.s。这不是一个生产项目,只是很有趣,所以我真的不在乎安全性。
答案 0 :(得分:0)
您可以使用变量创建一个插入。不必创建魔术字符串。在这里,您还可以获得an other stackoverflow question的另一个示例:
DELIMITER $$
CREATE PROCEDURE ADD_WITHDRAWAL_A(IN withdrawalcode_p VARCHAR(25), IN id_p VARCHAR(8), IN amount_p VARCHAR(12), IN datewithdrawn_p VARCHAR(35), IN approved_p VARCHAR(8))
BEGIN
START TRANSACTION;
INSERT INTO Withdrawals(WithdrawalCode, IDD, Amount, DateWithdrawn, Approved)
VALUES (withdrawalcode_p, id_p, amount_p, datewithdrawn_p, approved_p);
UPDATE account SET AccountBalance = AccountBalance - amount_p WHERE IDD = id_p LIMIT 1;
COMMIT;
END $$
DELIMITER ;