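Passing a column name as a parameter

Time: 2017-10-26 11:00:14

Tags: sql oracle

I need to pass a column name from the front end to the back end in my code. I am using C# with Oracle, and when I pass the column name as a parameter it gives an error, because the column name is used as a string here. I need to know how to solve this. Here is my code: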

PROCEDURE PR_GETCLIENTCONTRACTDATA(INSTRFIELD IN VARCHAR2,INSTRCONTRACTNO IN VARCHAR2,CUR_OUTPUT OUT T_CURSOR)--ADDED BY DIDULA 25/10/2017 
IS
    BEGIN
        OPEN CUR_OUTPUT FOR
SELECT c.con_no,
       DECODE (a.clm_cori,
               '1', a.clm_cltitle || ' ' || a.clm_initialsfull || ' '
                || a.clm_name,
               a.clm_name
              ) cliname,
       a.clm_code,
       (   a.clm_permaddline1
        || '|'
        || a.clm_permaddline2
        || '|'
        || COALESCE (a.clm_permaddline3, a.clm_permaddline4)
        || '|'
        || NULLIF ((a.clm_permaddline4),
                   COALESCE (a.clm_permaddline3, a.clm_permaddline4)
                  )
       ) address
  FROM leaseinfo.tblcontracts c, corpinfo.tblclientmain a
 WHERE a.clm_code = c.con_clmcode
   AND INSTRFIELD = INSTRCONTRACTNO; -- here INSTRFIELD is the column name that I need to pass

END PR_GETCLIENTCONTRACTDATA;

2 answers:

Answer 0 (score: 1)

Whitelist the column names:

PROCEDURE PR_GETCLIENTCONTRACTDATA(
  INSTRFIELD      IN  VARCHAR2,
  INSTRCONTRACTNO IN  VARCHAR2,
  CUR_OUTPUT      OUT T_CURSOR
)
IS
BEGIN
  OPEN CUR_OUTPUT FOR
    SELECT -- your select clauses
    FROM   leaseinfo.tblcontracts c
           INNER JOIN corpinfo.tblclientmain a -- ANSI join syntax
           ON a.clm_code = c.con_clmcode
    WHERE  CASE INSTRFIELD 
           WHEN 'COLUMNA' THEN ColumnA
           WHEN 'COLUMNB' THEN ColumnB
           WHEN 'COLUMNC' THEN ColumnC
           END = INSTRCONTRACTNO;
END PR_GETCLIENTCONTRACTDATA;
/

Answer 1 (score: 0)

When you use OPEN cur FOR ..., you can pass a string, i.e.

PROCEDURE PR_GETCLIENTCONTRACTDATA(INSTRFIELD IN VARCHAR2,INSTRCONTRACTNO IN VARCHAR2,CUR_OUTPUT OUT T_CURSOR)
IS
 BEGIN
    OPEN CUR_OUTPUT FOR
      'SELECT c.con_no,
       DECODE (a.clm_cori,
               ''1'', a.clm_cltitle || '' '' || a.clm_initialsfull || '' ''
                || a.clm_name,
               a.clm_name
              ) cliname,
       a.clm_code,
       (   a.clm_permaddline1
        || ''|''
        || a.clm_permaddline2
        || ''|''
        || COALESCE (a.clm_permaddline3, a.clm_permaddline4)
        || ''|''
        || NULLIF ((a.clm_permaddline4),
                   COALESCE (a.clm_permaddline3, a.clm_permaddline4)
                  )
       ) address
       FROM leaseinfo.tblcontracts c
           JOIN corpinfo.tblclientmain a ON a.clm_code = c.con_clmcode
       WHERE '||DBMS_ASSERT.SIMPLE_SQL_NAME(INSTRFIELD)||' = :INSTRCONTRACTNO'
   USING INSTRCONTRACTNO;

END PR_GETCLIENTCONTRACTDATA;
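
The two answers above can be combined, shown here as an added example that is not part of either answer: the caller's key only selects a column expression that is fixed in the source, and the contract value is always bound. DBMS_ASSERT.SIMPLE_SQL_NAME checks only that a string is a syntactically valid simple identifier, not which column it names, so the allowlist is what limits the filter to intended columns. Assumptions: the standalone procedure name pr_getclient_by_field, SYS_REFCURSOR in place of the page's T_CURSOR, the choice of con_no and clm_code as the permitted filter columns, and the constructed contract number 'C0001'.

```sql
-- Added example: allowlist lookup plus dynamic SQL with a bind variable.
-- Hypothetical name pr_getclient_by_field; SYS_REFCURSOR replaces T_CURSOR.
CREATE OR REPLACE PROCEDURE pr_getclient_by_field (
  instrfield      IN  VARCHAR2,
  instrcontractno IN  VARCHAR2,
  cur_output      OUT SYS_REFCURSOR
)
IS
  v_column VARCHAR2(30);
BEGIN
  -- Map the caller's key to a column expression written in the source.
  -- The input only selects a branch; it is never concatenated into SQL.
  -- Assumption: con_no and clm_code are the columns callers may filter on.
  v_column := CASE UPPER(TRIM(instrfield))
                WHEN 'CON_NO'   THEN 'c.con_no'
                WHEN 'CLM_CODE' THEN 'a.clm_code'
              END;

  IF v_column IS NULL THEN
    -- Unknown key: fail closed instead of running an unfiltered query.
    RAISE_APPLICATION_ERROR(-20001, 'Unsupported filter column');
  END IF;

  OPEN cur_output FOR
       'SELECT c.con_no, a.clm_code, a.clm_name
          FROM leaseinfo.tblcontracts c
          JOIN corpinfo.tblclientmain a ON a.clm_code = c.con_clmcode
         WHERE ' || v_column || ' = :contract_no'
    USING instrcontractno;  -- the value is bound, never concatenated
END pr_getclient_by_field;
/

-- Constructed calls: an allowlisted key, then a key outside the allowlist.
DECLARE
  rc SYS_REFCURSOR;
BEGIN
  pr_getclient_by_field('con_no', 'C0001', rc);   -- constructed value
  CLOSE rc;
  pr_getclient_by_field('clm_name', 'C0001', rc); -- not in the allowlist
EXCEPTION
  WHEN OTHERS THEN
    IF SQLCODE = -20001 THEN
      DBMS_OUTPUT.PUT_LINE('rejected: ' || SQLERRM);
    ELSE
      RAISE;
    END IF;
END;
/
```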