MySQL Stored Procedure Prepared Statement (Dynamic SQL) Parameterized

最新推荐文章于 2023-11-05 23:00:03 发布
最新推荐文章于 2023-11-05 23:00:03 发布
阅读量445 收藏
点赞数
分类专栏: 数据库编程 文章标签: MySql
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/geovindu/article/details/52473298
版权

类似于SQL Server中的:sp_executesql

sql server script:


--- 涂聚文 20160906
IF EXISTS (SELECT * FROM sysobjects WHERE [name] = 'proc_Select_DuDeptUserCount')
DROP PROCEDURE proc_Select_DuDeptUserCount
GO
CREATE PROCEDURE proc_Select_DuDeptUserCount
(
 @where NVARCHAR(1000)
)
AS
DECLARE @sql NVARCHAR(4000)
SET @sql='select count(*) as H from DuDeptUser '
IF @where<>''
 SET @sql=@sql+@where
EXEC(@sql)
GO

MySql script:

# 建表 塗聚文 20160907
drop table attendrecord;

create table attendrecord
(
    seq  INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
    emp_no varchar(20) null,
    rdate datetime not null,
    rtime time not null,
    rdescription varchar(100),
    rdes_reasnon varchar(100),
    branch varchar(50)
);

# 添加
DELIMITER $$
DROP PROCEDURE  IF EXISTS  `attend`.`proc_Insert_Attendrecord` $$
CREATE PROCEDURE `attend`.`proc_Insert_Attendrecord`
(
	IN param1emp_no VarChar(20),
	IN param1rdate Datetime ,
	IN param1rtime Time,
	IN param1rdescription VarChar(100),
	IN param1rdes_reasnon VarChar(100),
	IN param1branch VarChar(50)
)
BEGIN
INSERT INTO attendrecord
(
	emp_no ,
	rdate ,
	rtime ,
	rdescription ,
	rdes_reasnon ,
	branch
)
	VALUES
(
	param1emp_no ,
	param1rdate ,
	param1rtime ,
	param1rdescription ,
	param1rdes_reasnon ,
	param1branch
); END $$
DELIMITER ;

-- 添加
DELIMITER $$
DROP PROCEDURE  IF EXISTS  proc_Insert_Attendrecord $$
CREATE PROCEDURE proc_Insert_Attendrecord
(
	IN param1emp_no VarChar(20),
	IN param1rdate Datetime ,
	IN param1rtime Time,
	IN param1rdescription VarChar(100),
	IN param1rdes_reasnon VarChar(100),
	IN param1branch VarChar(50)
)
BEGIN
INSERT INTO attendrecord
(
	emp_no ,
	rdate ,
	rtime ,
	rdescription ,
	rdes_reasnon ,
	branch
)
	VALUES
(
	param1emp_no ,
	param1rdate ,
	param1rtime ,
	param1rdescription ,
	param1rdes_reasnon ,
	param1branch
); END $$
DELIMITER ;

#添加
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Insert_AttendrecordOutput $$
CREATE PROCEDURE proc_Insert_AttendrecordOutput
(
	IN param1emp_no VarChar(20),
	IN param1rdate Datetime,
	IN param1rtime Time,
	IN param1rdescription VarChar(100),
	IN param1rdes_reasnon VarChar(100),
	IN param1branch VarChar(50),
 	out param1seq int
)
BEGIN
INSERT INTO attendrecord
(
	emp_no ,
	rdate ,
	rtime ,
	rdescription ,
	rdes_reasnon ,
	branch
)
	VALUES
(
	param1emp_no ,
	param1rdate ,
	param1rtime ,
	param1rdescription ,
	param1rdes_reasnon ,
	param1branch
);
SELECT LAST_INSERT_ID() into param1seq;
END $$
DELIMITER ;

#更新 塗聚文註 2016-09-07
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Update_Attendrecord $$
CREATE PROCEDURE proc_Update_Attendrecord
(
	IN param1seq Int(8),
	IN param1emp_no VarChar(20),
	IN param1rdate Datetime,
	IN param1rtime Time,
	IN param1rdescription VarChar(100),
	IN param1rdes_reasnon VarChar(100),
	IN param1branch VarChar(50)
)
BEGIN
UPDATE attendrecord
	SET
		emp_no=param1emp_no ,
		rdate=param1rdate ,
		rtime=param1rtime ,
		rdescription=param1rdescription ,
		rdes_reasnon=param1rdes_reasnon ,
		branch=param1branch
	where
		seq=param1seq;

END $$
DELIMITER ;

#修改某一列数据
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Update_AttendrecordField $$
CREATE PROCEDURE proc_Update_AttendrecordField
(
	IN param1seq Int(8),
	IN FieldValue VarChar(200)
)
BEGIN
DECLARE sqlstr varchar(2000);
DECLARE wherestr varchar(1000);
SET sqlstr=CONCAT('update  attendrecord set ',FieldValue);
SET wherestr=CONCAT(' WHERE seq =',cast(param1seq as char(20)));
SET sqlstr=CONCAT(sqlstr,wherestr);
SET @Sql=sqlstr;
PREPARE stmt FROM @Sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;

# 測試
call proc_Update_AttendrecordField(1,'rdes_reasnon=''geovin''');



-- 刪除
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Delete_Attendrecord $$
CREATE PROCEDURE proc_Delete_Attendrecord
(
	IN param1seq Int
)
BEGIN
DELETE from	attendrecord	WHERE		seq = param1seq;
END $$
DELIMITER ;

#删除多条记录
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Delete_AttendrecordId $$
CREATE PROCEDURE proc_Delete_AttendrecordId
(
	IN param1seq varchar(1000)
)
BEGIN
DELETE from	attendrecord	WHERE		seq IN(param1seq);
END $$
DELIMITER ;





#查詢
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Select_Attendrecord $$
CREATE PROCEDURE proc_Select_Attendrecord
(
	IN param1seq Int
)
BEGIN
SELECT * FROM attendrecord WHERE seq = param1seq;
END $$
DELIMITER ;

#是否在存在
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Select_AttendrecordExists $$
CREATE PROCEDURE proc_Select_AttendrecordExists
(
	IN param1seq Int
)
BEGIN
SELECT count(1) as H FROM attendrecord WHERE seq = param1seq;
END $$
DELIMITER ;

-- 测试
call proc_Select_AttendrecordExists(1);


#表有多少条记录 Geovin Du
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Select_AttendrecordCount $$
CREATE PROCEDURE proc_Select_AttendrecordCount
(
	IN wherestr varchar(1000)
)
BEGIN
DECLARE sqlstr varchar(2000);
SET sqlstr='SELECT count(1) as H FROM attendrecord';
if wherestr='' then
SET sqlstr=sqlstr;
else
SET sqlstr=sqlstr+wherestr;
end if;
SET @sqlstr=sqlstr;
PREPARE stmt FROM @sqlstr;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;
# 测试
call proc_Select_AttendrecordCount('');

# http://stackoverflow.com/questions/23545525/mysql-stored-procedure-prepared-statement-dynamic-sql-parameterized
# https://dev.mysql.com/doc/refman/5.7/en/sql-syntax-prepared-statements.html
  -- 测试
  set @sql='SELECT count(1) as H FROM attendrecord';
  set @where='WHERE seq =1';
  set @sql=@sql+@where;
  select @sql;
  
  
# test
set @sql='SELECT * FROM attendrecord';
set @where=' WHERE seq <>1';
set @sql=CONCAT(@sql,@where);
select @sql;  #显示字符串
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;  


-- 测试

--
SET @sql = "select * from attendrecord";
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;

-- 测试
SET @skip=1; 
SET @numrows=5;
SET @Sql='SELECT * FROM tbl attendrecord  limit ?,?';
PREPARE STMT FROM @Sql;
-- EXECUTE STMT;
EXECUTE STMT USING @skip, @numrows;
DEALLOCATE PREPARE STMT;

#视图有多少条记录
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Select_AttendrecordCountView $$
CREATE PROCEDURE proc_Select_AttendrecordCountView
(
  IN wherestr varchar(1000)
)
BEGIN
declare sqlstr varchar(2000);
set sqlstr='SELECT count(1) as H FROM View_attendrecord';
if wherestr='' then
set sqlstr=sqlstr;
else
set sqlstr=sqlstr+wherestr;
end if;
set @sqlstr=sqlstr;
-- call(sqlstr);
PREPARE stmt FROM @sqlstr;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;


-- 5.1 up
#查询某记录的字段
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Select_AttendrecordTitle $$
CREATE PROCEDURE proc_Select_AttendrecordTitle
(

  IN FieldName varchar(1000),
  IN param1id int
)
BEGIN
declare sqlstr varchar(2000);
declare wherestr varchar(1000);
set sqlstr=CONCAT('select ',FieldName);
set wherestr=CONCAT(' from attendrecord WHERE seq =',cast(param1id as char(20)));
set sqlstr=CONCAT(sqlstr,wherestr);
set @sqlstr=sqlstr;
PREPARE stmt FROM @sqlstr;  
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;


call proc_Select_AttendrecordTitle('rdescription',1);

select concat(2);

select cast(2 as char(20));
#模糊查询
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Select_AttendrecordFuzzySearch $$
CREATE PROCEDURE proc_Select_AttendrecordFuzzySearch
(

  IN FieldList varchar(1000),
  IN wherestr varchar(2000) 
)
BEGIN
declare sqlstr varchar(2000);
declare ifwherestr varchar(1000);
declare iflist varchar(1000);
set ifwherestr='';
if FieldList='' then
   set iflist=' * ';
else
   set iflist=FieldList;
end if;
if wherestr<>'' then
   set ifwherestr=CONCAT(' WHERE ',wherestr);
end if;
set sqlstr=CONCAT('select ',iflist);
set sqlstr=CONCAT(sqlstr,'  from attendrecord ');
set sqlstr=CONCAT(sqlstr,ifwherestr);
set @sqlstr=sqlstr;
-- select @sqlstr;
-- call(sqlstr);
 PREPARE stmt FROM @sqlstr;
 EXECUTE stmt;
 DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;

-- seq =1
call proc_Select_AttendrecordFuzzySearch('rdescription','seq=1');


#查詢所有
DELIMITER $$
DROP PROCEDURE IF EXISTS proc_Select_AttendrecordAll $$
CREATE PROCEDURE proc_Select_AttendrecordAll
()
BEGIN
SELECT * FROM attendrecord;
END $$
DELIMITER ;


geovindu
关注
专栏目录
MySQL Stored Procedure Best Practices: How to Optimize
AI天才研究院
09-13 1984
作者:禅与计算机程序设计艺术 1.简介 Stored procedures are one of the most powerful features of SQL databases that allow users to encapsulate code and data together in r
mysql存储过程procedure的学习记录
零零落落的博客
07-05 159
DELIMITER $$ USE `ultimate`$$ DROP PROCEDURE IF EXISTS `p_gen_dim_iteminfo`$$ CREATE DEFINER=`user1`@`%` PROCEDURE `p_gen_y1`() BEGIN SET @wsql = (SELECT " select i.itemid, (select cat...
关于Connection的一个测试
岑如花
09-09 1239
原本以为Java中是值传递;那么当把一个connection传递给一个函数的时候,在此函数中调用connection.close()方法额话只是关闭了传递过来的值,不会关闭原来的connection,然而并不是这样的,调用close()方法后会把原来的connection也关闭掉,以下是做的一个测试程序。`package test;import java.sql.Connection; impor
Prepared statement
kezhen的专栏
03-25 3035
http://en.wikipedia.org/wiki/Prepared_statement In database management systems, a prepared statement or parameterized statement is a feature used to execute the same or similar database statement
How can I prevent SQL-injection in PHP?
happygogf的专栏
03-11 3459
2788down votefavorite 2528 If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_
webgoat-(A1)SQL Injection
最新发布
seanyang_的博客
11-05 1246
SQL 命令主要分为三类:数据操作语言 (DML)DML 语句可用于请求记录 (SELECT)、添加记录 (INSERT)、删除记录 (DELETE) 和修改现有记录 (UPDATE)。如果攻击者成功地将 DML 语句“注入”到 SQL 数据库中,则可能会破坏系统的机密性(使用 SELECT 语句)、完整性(使用 UPDATE 语句)和可用性(使用 DELETE 或 UPDATE 语句)数据定义语言 (DDL)DDL 命令通常用于定义数据库的架构。
Microsoft SQL Server Trace Flags
数据库生态圈(RDB & NoSQL & Bigdata)——专注于关系库优化(Oracle&Mysql&PG&SQL Server )
02-22 1482
Complete list of Microsoft SQL Server trace flags (585 trace flags)REMEMBER: Be extremely careful with trace flags, test in your test environment first. And consult professionals first if you are the ...
SQL Injection Prevention Cheat Sheet
gyc567的专栏
07-26 369
SQL Injection Prevention Cheat Sheet     Contents  [hide]  1 Introduction 2 Primary Defenses 2.1 Defense Option 1: Prepared Statements (Parameterized Queries) 2.2 Defense Option ...
mysql stored procedure programming PDF
02-24
MySQL存储过程编程是数据库管理和开发中的一个高级主题,它涉及到如何在MySQL数据库系统中编写和使用存储过程。存储过程是预编译的SQL代码块,可以包含复杂的业务逻辑,它们被保存在数据库中供以后执行。与直接在...
mysql存储过程编程 MySQL.Stored.Procedure.Programming
03-11
mysql存储过程方面的圣经,以通俗的示例方法讲述mysql存储过程的深奥内容,In MySQL Stored Procedure Programming, they put that hard-won experience to good use. Packed with code examples and covering ...
MySQL Stored Procedure Programming
05-24
The implementation of stored procedures in MySQL 5.0 ... This book, destined to be the bible of stored procedure development, is a resource that no real MySQL programmer can afford to do without.
SQL存储过程(Stored Procedure
热门推荐
weixin_34248258的博客
06-20 1万+
什么是存储过程? 存储过程(procedure)类似于C语言中的函数 用来执行管理任务或应用复杂的业务规则 存储过程可以带参数,也可以返回结果 存储过程可以包含数据操纵语句、变量、逻辑 控制语句等 存储过程(Stored Procedure)是一组为了完成特定功能的SQL语句集,经编译后存储在数据库中,用户通过指定存储过程的名字并给定参数(如果该...
sql uniqueidentifier转换成varchar 数据类型
Geovin Du Dream Park
09-19 6844
---塗聚文 Geovin Du DECLARE @myid uniqueidentifier SET @myid = NEWID() SELECT CONVERT(char(255), @myid) AS 'char'; GO --塗聚文 Geovin Du declare @
SQL SERVER 2000 遍历父子关系数据的表(二叉树)获得所有子节点 所有父节点及节点层数函数
Geovin Du Dream Park
08-29 2631
---SQL SERVER 2000 遍历父子关系數據表(二叉树)获得所有子节点 所有父节点及节点层数函数 ---Geovin Du 涂聚文 --建立測試環境 Create Table GeovinDu ([ID] Int, fatherID Int, [Name
sql 自定義百分比轉換小數函數
Geovin Du Dream Park
09-03 2534
--CAST 和 CONVERT 函数 Percentage DECLARE @dec decimal(5,3), @var varchar(10),@hun decimal(5,1) set @dec=0.025 set @hun=@dec*100 set @var=c
sql:无法解决 equal to 操作中 "Chinese_PRC_CI_AS" 和 "Chinese_Taiwan_Stroke_CI_AS" 之间的排序规则冲突。
Geovin Du Dream Park
02-24 2498
--无法解决 equal to 操作中 "Chinese_PRC_CI_AS" 和 "Chinese_Taiwan_Stroke_CI_AS" 之间的排序规则冲突。 CREATE VIEW View_VipBranchStaffBranchList AS select VipBranchStaff.*,geovindu_branch.B_Name,VipExamCountry.ExamCoun
sql 时间计算
Geovin Du Dream Park
08-25 1564
---兩個時間之差的合計 DECLARE @I INT SET @I = DATEDIFF(ms,GETDATE()-RAND()*24,GETDATE()) SELECT convert(varchar(10), @I/86400000) + ' Days ' +
mysql stored procedure
08-18
- *1* *2* *3* [MySQL —— Stored Procedure (MySQL存储过程的快速上手与使用 囊括应用案例)](https://blog.csdn.net/fuijiawei/article/details/124914190)[target="_blank" data-report-click={"spm":"1018.2226....
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值