如何将动态游标添加到 plsql 函数
How to add a dynamic cursor to a plsql function
我想在我的 plsql 函数中添加一个动态游标。 where_clause_ 是我的函数输入参数。它可能会有所不同。下面是我的代码。
-- Question's original attempt, kept exactly as posted; it does not compile.
-- Intended contract: return 'TRUE' when a row of tab matches the caller's
-- predicate and has col1 = 'C2', otherwise 'FALSE'.
FUNCTION Filter_Data_With_Security(
where_clause_ IN VARCHAR2) RETURN VARCHAR2
IS
-- NOTE(review): temp_ and exist_ are used below, but no declaration for them
-- appears in this listing.
-- The text of a static cursor is fixed at compile time. where_clause_ is
-- therefore parsed as a plain VARCHAR2 expression in a position where a
-- condition is required, which matches the ORA-00920 reported for this code.
CURSOR check_sequrity IS
SELECT 1
FROM tab b
WHERE where_clause_
AND b.col1 = 'C2';
BEGIN
OPEN check_sequrity;
FETCH check_sequrity INTO temp_;
IF (check_sequrity%FOUND) THEN
-- NOTE(review): year_exists is not declared in this listing; presumably
-- check_sequrity was meant, otherwise the opened cursor is never closed here.
CLOSE year_exists;
exist_ := 'TRUE';
ELSE
CLOSE check_sequrity;
exist_ := 'FALSE';
END IF;
RETURN exist_;
END Filter_Data_With_Security;
但是这给我一个错误如下
PL/SQL: ORA-00920: invalid relational operator error at line no :9109
请帮我解决这个问题
参见示例 7.4 here
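-- Returns 'TRUE' when at least one row of tab satisfies where_clause_ and has
-- col1 = 'C2', otherwise 'FALSE'.
--
-- SECURITY: where_clause_ is concatenated into the statement text and is
-- executed as SQL. A whole predicate cannot be supplied as a bind variable,
-- so this function must only receive fragments assembled by trusted code
-- (for example from an allowlist of column names and operators, with any
-- literal values quoted by the caller via DBMS_ASSERT.ENQUOTE_LITERAL).
-- Never pass end-user text through unchanged.
--
-- Raises: any ORA- error produced while parsing or fetching the dynamic
-- statement (including a NULL or malformed where_clause_) is re-raised.
FUNCTION Filter_Data_With_Security (where_clause_ IN VARCHAR2)
RETURN VARCHAR2
IS
   check_security SYS_REFCURSOR;
   -- Sized to the PL/SQL VARCHAR2 maximum so a long predicate is not cut off
   -- with ORA-06502 while the statement is being assembled.
   v_stmt_str     VARCHAR2 (32767);
   temp_          NUMBER;
   exist_         VARCHAR2 (20);
BEGIN
   -- The caller's predicate is parenthesised so that an OR inside it cannot
   -- take precedence over the fixed col1 filter. This keeps the filter
   -- applied for well-formed input; it is not an injection defence.
   v_stmt_str := 'SELECT 1 FROM tab b WHERE ('
                 || where_clause_
                 || ') AND b.col1 = ''C2''';

   OPEN check_security FOR v_stmt_str;
   FETCH check_security INTO temp_;

   IF check_security%FOUND THEN
      exist_ := 'TRUE';
   ELSE
      exist_ := 'FALSE';
   END IF;

   -- Single close for both outcomes, on the cursor that was actually opened.
   CLOSE check_security;

   RETURN exist_;
EXCEPTION
   WHEN OTHERS THEN
      -- Do not leave the cursor open when the dynamic statement fails.
      IF check_security%ISOPEN THEN
         CLOSE check_security;
      END IF;
      RAISE;
END Filter_Data_With_Security;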
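动态 SQL 存在安全风险:where_clause_ 被直接拼接进语句文本,调用者传入的任何内容都会作为 SQL 执行,因此必须防范 SQL 注入。整段谓词无法通过绑定变量传递,所以该参数只应由受信任的代码生成(例如按列名白名单拼装),不要把最终用户的输入原样传入。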
只是一个想法。这个选项你也可以试试。基本上你需要检查是否有从基本输入返回的记录。我认为我们不需要为此循环。希望下面的代码片段对您有所帮助。
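-- Returns 'TRUE' when at least one row of tab satisfies where_clause_ and has
-- col1 = 'C2', otherwise 'FALSE'.
--
-- SECURITY: where_clause_ is concatenated into the statement text and is
-- executed as SQL. A whole predicate cannot be supplied as a bind variable,
-- so only fragments assembled by trusted code (for example from an allowlist
-- of column names and operators) may be passed in. Never pass end-user text
-- through unchanged.
CREATE OR REPLACE FUNCTION Filter_Data_With_Security(
   where_clause_ IN VARCHAR2)
   RETURN VARCHAR2
IS
   -- Statement text; the original listing assigned lv_sql without declaring it.
   lv_sql VARCHAR2(32767);
   lv_num DBMS_SQL.NUMBER_TABLE;
   exist_ VARCHAR2(100);
BEGIN
   -- Parentheses keep an OR inside the caller's predicate from taking
   -- precedence over the fixed col1 filter (not an injection defence).
   -- ROWNUM = 1 stops at the first match: only existence is needed, and it
   -- prevents an unbounded BULK COLLECT into session memory.
   lv_sql := 'SELECT 1 FROM tab b WHERE ('
             || where_clause_
             || ') AND b.col1 = ''C2'' AND ROWNUM = 1';

   -- BULK COLLECT leaves the collection empty when no row matches instead of
   -- raising NO_DATA_FOUND.
   EXECUTE IMMEDIATE lv_sql BULK COLLECT INTO lv_num;

   IF lv_num.COUNT > 0 THEN
      exist_ := 'TRUE';
   ELSE
      exist_ := 'FALSE';
   END IF;

   RETURN exist_;
END Filter_Data_With_Security;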
我想在我的 plsql 函数中添加一个动态游标。 where_clause_ 是我的函数输入参数。它可能会有所不同。下面是我的代码。
-- Question's original attempt, kept exactly as posted; it does not compile.
-- Intended contract: return 'TRUE' when a row of tab matches the caller's
-- predicate and has col1 = 'C2', otherwise 'FALSE'.
FUNCTION Filter_Data_With_Security(
where_clause_ IN VARCHAR2) RETURN VARCHAR2
IS
-- NOTE(review): temp_ and exist_ are used below, but no declaration for them
-- appears in this listing.
-- The text of a static cursor is fixed at compile time. where_clause_ is
-- therefore parsed as a plain VARCHAR2 expression in a position where a
-- condition is required, which matches the ORA-00920 reported for this code.
CURSOR check_sequrity IS
SELECT 1
FROM tab b
WHERE where_clause_
AND b.col1 = 'C2';
BEGIN
OPEN check_sequrity;
FETCH check_sequrity INTO temp_;
IF (check_sequrity%FOUND) THEN
-- NOTE(review): year_exists is not declared in this listing; presumably
-- check_sequrity was meant, otherwise the opened cursor is never closed here.
CLOSE year_exists;
exist_ := 'TRUE';
ELSE
CLOSE check_sequrity;
exist_ := 'FALSE';
END IF;
RETURN exist_;
END Filter_Data_With_Security;
但是这给我一个错误如下
PL/SQL: ORA-00920: invalid relational operator error at line no :9109
请帮我解决这个问题
参见示例 7.4 here
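-- Returns 'TRUE' when at least one row of tab satisfies where_clause_ and has
-- col1 = 'C2', otherwise 'FALSE'.
--
-- SECURITY: where_clause_ is concatenated into the statement text and is
-- executed as SQL. A whole predicate cannot be supplied as a bind variable,
-- so this function must only receive fragments assembled by trusted code
-- (for example from an allowlist of column names and operators, with any
-- literal values quoted by the caller via DBMS_ASSERT.ENQUOTE_LITERAL).
-- Never pass end-user text through unchanged.
--
-- Raises: any ORA- error produced while parsing or fetching the dynamic
-- statement (including a NULL or malformed where_clause_) is re-raised.
FUNCTION Filter_Data_With_Security (where_clause_ IN VARCHAR2)
RETURN VARCHAR2
IS
   check_security SYS_REFCURSOR;
   -- Sized to the PL/SQL VARCHAR2 maximum so a long predicate is not cut off
   -- with ORA-06502 while the statement is being assembled.
   v_stmt_str     VARCHAR2 (32767);
   temp_          NUMBER;
   exist_         VARCHAR2 (20);
BEGIN
   -- The caller's predicate is parenthesised so that an OR inside it cannot
   -- take precedence over the fixed col1 filter. This keeps the filter
   -- applied for well-formed input; it is not an injection defence.
   v_stmt_str := 'SELECT 1 FROM tab b WHERE ('
                 || where_clause_
                 || ') AND b.col1 = ''C2''';

   OPEN check_security FOR v_stmt_str;
   FETCH check_security INTO temp_;

   IF check_security%FOUND THEN
      exist_ := 'TRUE';
   ELSE
      exist_ := 'FALSE';
   END IF;

   -- Single close for both outcomes, on the cursor that was actually opened.
   CLOSE check_security;

   RETURN exist_;
EXCEPTION
   WHEN OTHERS THEN
      -- Do not leave the cursor open when the dynamic statement fails.
      IF check_security%ISOPEN THEN
         CLOSE check_security;
      END IF;
      RAISE;
END Filter_Data_With_Security;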
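动态 SQL 存在安全风险:where_clause_ 被直接拼接进语句文本,调用者传入的任何内容都会作为 SQL 执行,因此必须防范 SQL 注入。整段谓词无法通过绑定变量传递,所以该参数只应由受信任的代码生成(例如按列名白名单拼装),不要把最终用户的输入原样传入。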
只是一个想法。这个选项你也可以试试。基本上你需要检查是否有从基本输入返回的记录。我认为我们不需要为此循环。希望下面的代码片段对您有所帮助。
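-- Returns 'TRUE' when at least one row of tab satisfies where_clause_ and has
-- col1 = 'C2', otherwise 'FALSE'.
--
-- SECURITY: where_clause_ is concatenated into the statement text and is
-- executed as SQL. A whole predicate cannot be supplied as a bind variable,
-- so only fragments assembled by trusted code (for example from an allowlist
-- of column names and operators) may be passed in. Never pass end-user text
-- through unchanged.
CREATE OR REPLACE FUNCTION Filter_Data_With_Security(
   where_clause_ IN VARCHAR2)
   RETURN VARCHAR2
IS
   -- Statement text; the original listing assigned lv_sql without declaring it.
   lv_sql VARCHAR2(32767);
   lv_num DBMS_SQL.NUMBER_TABLE;
   exist_ VARCHAR2(100);
BEGIN
   -- Parentheses keep an OR inside the caller's predicate from taking
   -- precedence over the fixed col1 filter (not an injection defence).
   -- ROWNUM = 1 stops at the first match: only existence is needed, and it
   -- prevents an unbounded BULK COLLECT into session memory.
   lv_sql := 'SELECT 1 FROM tab b WHERE ('
             || where_clause_
             || ') AND b.col1 = ''C2'' AND ROWNUM = 1';

   -- BULK COLLECT leaves the collection empty when no row matches instead of
   -- raising NO_DATA_FOUND.
   EXECUTE IMMEDIATE lv_sql BULK COLLECT INTO lv_num;

   IF lv_num.COUNT > 0 THEN
      exist_ := 'TRUE';
   ELSE
      exist_ := 'FALSE';
   END IF;

   RETURN exist_;
END Filter_Data_With_Security;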