开发者

Is it possible to pass entire WHERE condition in stored procedure in MySQL 5.x?

问答 作者:

I just need pass WHERE condition, like:

CREATE DEFINER=`root`@`localhost` PROCEDURE `productpricing2`(
   IN cond CHAR(200)
)
BEGIN
   SELECT * FROM tbl_products WHERE cond LIMIT 1;
END

and call it like:

CALL productpricing2("productName IS NOT NULL");

Where productName is column i开发者_开发知识库n table tbl_products

Thanks

Yes it's possible You can use prepared-statements for it, and build whole query as a string, but it's not an elegant way to do things...

also notice that:

  • Yours queries should take advantage of parametrized prepared-statements, in case of SQL-Injection
  • Even parametrized prepared-statements, are not fully "secure", and You should avoid that kind of DB programming

Yes it is possible (although as HLGEM points out it opens you for possibility of SQL injections).

THe way to do this, is to create dynamic SQL using prepared statement.

继续阅读:sqlstored-procedures

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9