MySQL(非常)动态的预处理语句

时间:2017-06-11 00:11:39

标签: mysql

类似下面这个例子的写法,能在MySQL中正常工作吗?

-- Question snippet: tries to pass a whole column list and a whole value list
-- through prepared-statement placeholders.
-- NOTE(review): in MySQL a ? placeholder binds one data value only. It cannot
-- stand for an identifier, a column list or a parenthesised VALUES list, so
-- this statement is expected to be rejected at PREPARE time.
SET @my_columns = "( col_1 , col_2 , col_n )";
SET @my_values = "( val_1 , val_2 , val_n )";

SET @vs_query = "INSERT INTO my_table ? VALUES ? "; 

PREPARE stmt FROM @vs_query;
EXECUTE stmt USING @my_columns , @my_values;
DEALLOCATE PREPARE stmt;

1 个答案:

答案 0 :(得分:0)

您可以在mysql中创建非常动态的查询。

您的问题的一个示例 - 现在添加了SQL注入保护!(注意:仅靠对 select、delete、truncate、drop 四个关键字做子串检查并不构成完整的SQL注入防护;表名和列名应按白名单校验,值应尽量通过参数绑定传入。)

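-- insert_into_table_columns_values(tableName_, columns_, values_)
--
-- Builds and runs a single-row INSERT from three text arguments:
--   tableName_  bare table name, letters, digits and underscore only
--   columns_    parenthesised, comma-separated list of bare column names
--   values_     parenthesised, comma-separated list of literals
--               (NULL, plain numbers, or single-quoted strings that contain
--               neither a quote nor a backslash)
--
-- On success the row is inserted and nothing is returned. On any rejected
-- argument one diagnostic row is returned with error = invalid parameter(s),
-- the three arguments, and the twelve keyword-position columns.
--
-- Security notes:
--   * The arguments are concatenated into SQL text, so each one is checked
--     against a structural allow-list before use. The original keyword
--     blocklist (select, delete, truncate, drop) is kept only so the
--     diagnostic row keeps its shape. It is not the protection, and it still
--     rejects harmless data that happens to contain one of those words.
--   * Schema-qualified or quoted table names, function calls, expressions and
--     multi-row VALUES lists are rejected by design.
--   * NOTE(review): the patterns use POSIX bracket classes so they should
--     behave the same on the pre-8.0 and the ICU regex engines. Confirm on
--     the target server version and sql_mode before relying on them.
--   * NOTE(review): DEFINER root together with the default SQL SECURITY
--     DEFINER means the dynamic INSERT runs with the definer privileges for
--     every caller allowed to EXECUTE this routine. Prefer a least-privilege
--     definer account or SQL SECURITY INVOKER.
DELIMITER ;;

DROP PROCEDURE IF EXISTS insert_into_table_columns_values ;;

CREATE DEFINER=`root`@`localhost` PROCEDURE insert_into_table_columns_values(IN tableName_ text, IN columns_ text, IN values_ text )
BEGIN

    -- Result of each allow-list check. A NULL argument counts as invalid.
    DECLARE tableNameOk tinyint default 0 ;
    DECLARE columnsOk tinyint default 0 ;
    DECLARE valuesOk tinyint default 0 ;

    -- One literal: NULL, an optionally signed number, or a single-quoted
    -- string with no embedded quote or backslash.
    DECLARE literalPattern text default '([Nn][Uu][Ll][Ll]|[-+]?[0-9]+([.][0-9]+)?|''[^''\\\\]*'')' ;

    -- Session variables are kept because the diagnostic row is built from
    -- them and its column names derive from the variable names.
    set @tableText = tableName_ ;
    set @columnsText = columns_ ;
    set @valuesText = values_ ;

    -- Structural allow-lists: the whole argument must match, not a substring.
    set tableNameOk = coalesce( tableName_ REGEXP '^[A-Za-z0-9_]+$', 0 ) ;

    set columnsOk = coalesce( columns_ REGEXP
        '^[[:space:]]*[(][[:space:]]*[A-Za-z0-9_]+([[:space:]]*,[[:space:]]*[A-Za-z0-9_]+)*[[:space:]]*[)][[:space:]]*$'
        , 0 ) ;

    set valuesOk = coalesce( values_ REGEXP concat(
          '^[[:space:]]*[(][[:space:]]*', literalPattern
        , '([[:space:]]*,[[:space:]]*', literalPattern, ')*'
        , '[[:space:]]*[)][[:space:]]*$' )
        , 0 ) ;

    -- Legacy keyword positions, reported in the diagnostic row.
    SELECT LOCATE('select', @tableText) into @tableTextSelect ;
    SELECT LOCATE('delete', @tableText) into @tableTextDelete ;
    SELECT LOCATE('truncate', @tableText) into @tableTextTruncate ;
    SELECT LOCATE('drop', @tableText) into @tableTextDrop ;

    SELECT LOCATE('select', @columnsText) into @columnsTextSelect ;
    SELECT LOCATE('delete', @columnsText) into @columnsTextDelete ;
    SELECT LOCATE('truncate', @columnsText) into @columnsTextTruncate ;
    SELECT LOCATE('drop', @columnsText) into @columnsTextTextDrop ;

    SELECT LOCATE('select', @valuesText) into @valuesTextSelect ;
    SELECT LOCATE('delete', @valuesText) into @valuesTextDelete ;
    SELECT LOCATE('truncate', @valuesText) into @valuesTextTruncate ;
    SELECT LOCATE('drop', @valuesText) into @valuesTextTextDrop ;

    if  tableNameOk = 1
        and columnsOk = 1
        and valuesOk = 1
        and ( @tableTextSelect
            + @tableTextDelete
            + @tableTextTruncate
            + @tableTextDrop

            + @columnsTextSelect
            + @columnsTextDelete
            + @columnsTextTruncate
            + @columnsTextTextDrop

            + @valuesTextSelect
            + @valuesTextDelete
            + @valuesTextTruncate
            + @valuesTextTextDrop ) = 0 then

        -- The statement is built from the validated parameters themselves.
        -- The table name is backtick-quoted so it is always parsed as one
        -- identifier. PREPARE needs its text in a user variable.
        set @insertSQL = concat('insert into `', tableName_, '` ', columns_ , ' values ',  values_  , ' ; ') ;

        PREPARE insertStatement FROM @insertSQL;
        EXECUTE insertStatement ;
        DEALLOCATE PREPARE insertStatement;

    else

        -- Rejected: return the arguments and keyword positions to the caller.
        select 'invalid parameter(s)' error
        , @tableText table_
        , @columnsText columns_
        , @valuesText values_

        , @tableTextSelect
        , @tableTextDelete
        , @tableTextTruncate
        , @tableTextDrop

        , @columnsTextSelect
        , @columnsTextDelete
        , @columnsTextTruncate
        , @columnsTextTextDrop

        , @valuesTextSelect
        , @valuesTextDelete
        , @valuesTextTruncate
        , @valuesTextTextDrop ;

    end if ;

END;;
DELIMITER ;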

-- example
-- The table argument contains the word truncate, so the keyword check in the
-- procedure rejects the call: nothing is inserted and the diagnostic row shown
-- below is returned instead.
call insert_into_table_columns_values('truncate employees', '(hire_date)', "('2017-06-12')" ) ;

-- results as json
{
    "data":
    [
        {
            "error": "invalid parameter(s)",
            "table_": "truncate employees",
            "columns_": "(hire_date)",
            "values_": "('2017-06-12')",
            "@tableTextSelect": 0,
            "@tableTextDelete": 0,
            "@tableTextTruncate": 1,
            "@tableTextDrop": 0,
            "@columnsTextSelect": 0,
            "@columnsTextDelete": 0,
            "@columnsTextTruncate": 0,
            "@columnsTextTextDrop": 0,
            "@valuesTextSelect": 0,
            "@valuesTextDelete": 0,
            "@valuesTextTruncate": 0,
            "@valuesTextTextDrop": 0
        }
    ]
}

已在MySQL上测试。
