开发者

Error when calling Mysql Stored procedure

This is my stored procedure to search throgh all databases,tables and columns. This procedure got created with out any error.

DELIMITER $$

DROP PROCEDURE IF EXISTS `mydb`.`get_table`$$

CREATE DEFINER=`root`@`%` PROCEDURE `get_table`(in_search varchar(50))
    READS SQL DATA
BEGIN
DECLARE trunc_cmd VARCHAR(50);
DECLARE search_string VARCHAR(250);
DECLARE db,tbl,clmn CHAR(50);
DECLARE done INT DEFAULT 0;
DECLARE COUNTER INT;
DECLARE table_cur CURSOR FOR 
SELECT concat('SELECT COUNT(*) INTO @CNT_VALUE FROM ',
              table_schema,'.', table_name, 
              ' WHERE ', column_name,' REGEXP ''',in_search,''''
         )
,table_schema,table_name,column_name
 FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA NOT IN ('mydb','information_schema');
 DECLARE CONTINUE HANDLER FOR NOT FOUND SET done=1;
# #Truncating table for refill the data for new search.
PREPARE trunc_cmd FROM 'TRUNCATE TABLE temp_details';
EXECUTE trunc_cmd ;
OPEN table_cur;
table_loop:LOOP
 FETCH table_cur INTO search_string,db,tbl,clmn;
# #Executing the search
SET @search_string = search_string;
SELECT  search_string;
 PREPARE search_string FROM @search_string;
 EXECUTE search_string;
SET COUNTER = @CNT_VALUE;
 SELECT COUNTER;
IF COUNTER>0 THEN
# # Inserting required results from search to table
 INSERT INTO temp_details VALUES(db,tbl,clmn);
 END IF;
 IF done=1 THEN
 LEAVE table_loop;
 END IF;
END LOOP;
 CLOSE table_cur;
# #Finally Show Results
 SELECT * FROM temp_details;
 END$$

DELIMITER ;

But when calling this procedure following error occurs.

call get_table('aaa')

Error Code : 1064 You have an error in your SQL syntax; check the manual that 开发者_开发问答 corresponds to your MySQL server version for the right syntax to use near 'delete REGEXP 'aaa'' at line 1 (0 ms taken)


Where does "delete" come from? Do you have a column_name with that name? If so, use better names, not reserved ones, or use nasty backticks ` or ANSI-quotes " around the column name.

Constructions like this are vulnerable to SQL injection.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜