大家好,我一直遇到一个 SQL 错误,出错位置在代码块末尾、EXECUTE 语句之前的这一行:
stmt:= v_first_sql || stmt || v_order_by_sql || v_last_sql;
有人知道我哪里做错了吗?
谢谢
-- search_data: builds an anonymous PL/SQL block as text, runs it with
-- EXECUTE IMMEDIATE, and returns the collection filled through the OUT bind.
-- The generated statement wraps an inner query in two ROWNUM layers so that
-- only rows between the start and end index are returned, and selects
-- COUNT(*) OVER () as row_count alongside each row.
--
-- NOTE(review): the listing as posted is not self-consistent; the comments
-- below mark each mismatch rather than guessing at the intended code.
FUNCTION search_data
(
-- NOTE(review): the body reads p_start_index / p_end_index, not these names.
p_start_ind IN NUMBER,
p_end_ind IN NUMBER,
-- NOTE(review): the body reads p_columns_sort_by, not p_cols_sort_by.
p_cols_sort_by IN char_tab,
p_sort_orders IN char_tab,
-- The five filter parameters below are not referenced in the visible body;
-- presumably they feed the inner query text that is missing from the post.
p_sor_number IN VARCHAR2,
p_tcn IN VARCHAR2,
p_sock IN NUMBER,
p_work_id IN NUMBER,
p_sap in NUMBER
)
RETURN bean_list
IS
-- Full text of the dynamic block; the 4000-character declaration caps its length.
stmt VARCHAR2(4000);
result bean_list;
-- Not used in the visible lines.
v_jp_ids VARCHAR2(50);
v_first_sql VARCHAR2(512);
v_row_count NUMBER;
-- NOTE(review): v_order_by_sql and v_last_sql are assigned below but are not
-- declared in this section as shown.
BEGIN
-- Page size, used only for the FIRST_ROWS optimizer hint.
v_row_count := p_end_index - p_start_index + 1;
v_first_sql := 'BEGIN ';
v_first_sql := v_first_sql || ' SELECT item_search( id, mwslin,sor_code, fyear, wyear,';
-- NOTE(review): this fragment ends in "sap" and the next one starts with
-- " row_count" with no comma between them, so the generated argument list
-- reads "sap row_count" - looks like a missing comma; confirm.
v_first_sql := v_first_sql || ' sock, tcn, non, nomen,sap';
v_first_sql := v_first_sql || ' row_count )';
-- :bind_var1 is the placeholder supplied by USING OUT result below.
v_first_sql := v_first_sql || ' BULK COLLECT INTO :bind_var1';
v_first_sql := v_first_sql || ' FROM';
v_first_sql := v_first_sql || ' (';
v_first_sql := v_first_sql || ' SELECT /*+ FIRST_ROWS(' || TO_CHAR(v_row_count) || ') */ ';
v_first_sql := v_first_sql || ' ROWNUM rnum, a.*';
v_first_sql := v_first_sql || ' FROM';
v_first_sql := v_first_sql || ' (';
v_first_sql := v_first_sql || ' SELECT ob.*, COUNT(*) OVER () AS row_count';
v_first_sql := v_first_sql || ' FROM';
v_first_sql := v_first_sql || ' (';
-- Closes the innermost subquery as "ob" and appends the text returned by
-- temp_pkg.get_number_by.
-- NOTE(review): that text is concatenated straight into the statement.
-- Column names and sort directions cannot be passed as bind variables, so
-- the helper should accept only values from a fixed allow-list (known
-- column names, ASC/DESC) - its body is not shown here; verify.
v_order_by_sql := ' ) ob ' || temp_pkg.get_number_by( p_columns_sort_by, p_sort_orders );
v_last_sql := ' ) a';
-- Upper and lower page bounds are NUMBERs rendered with TO_CHAR; they could
-- be passed as bind variables instead of being concatenated.
v_last_sql := v_last_sql || ' WHERE rownum <= ' || TO_CHAR(p_end_index);
v_last_sql := v_last_sql || ' )';
v_last_sql := v_last_sql || ' WHERE rnum >= ' || TO_CHAR(p_start_index);
v_last_sql := v_last_sql || ' ORDER BY rnum;';
v_last_sql := v_last_sql || ' END;';
-- NOTE(review): this line has no terminating semicolon and leaves out
-- v_order_by_sql and v_last_sql; the question quotes it as
-- "stmt:= v_first_sql || stmt || v_order_by_sql || v_last_sql;".
-- stmt is also never assigned before this point in the visible lines, so
-- the innermost SELECT appears to have been omitted from the post.
stmt := v_first_sql || stmt
EXECUTE IMMEDIATE stmt USING OUT result;
RETURN result;
END search_data;
答案 0 :(得分:2)
您代码中的括号看起来是平衡的,所以问题显然出在
temp_pkg.get_order_by( p_columns_sort_by, p_sort_orders ) 所引入的文本中。
该函数返回的内容中括号一定不平衡。
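顺便说一下,除非你在清理输入上下了很大功夫,否则这段代码迟早会遭遇 SQL 注入攻击。p_columns_sort_by 和 p_sort_orders 经 temp_pkg 处理后被直接拼接进动态 SQL;列名和排序方向无法作为绑定变量传入,因此应对照固定的白名单(已知列名、ASC/DESC)进行校验,而其余的值则应通过绑定变量传入。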