Can you pass a SQL function?
I have the following function:
CREATE OR REPLACE PROCEDURE run_query (p_sql IN VARCHAR2) IS
  v_v_val    VARCHAR2(4000);
  v_n_val    NUMBER;
  v_d_val    DATE;
  v_ret      NUMBER;
  c          NUMBER;
  d          NUMBER;
  col_cnt    INTEGER;
  f          BOOLEAN;
  rec_tab    DBMS_SQL.DESC_TAB;
  col_num    NUMBER;
  v_rowcount NUMBER := 0;
  v_csv      VARCHAR2(32000);
BEGIN
  -- Create a cursor
  c := DBMS_SQL.OPEN_CURSOR;
  -- Parse the SQL statement into the cursor
  DBMS_SQL.PARSE(c, p_sql, DBMS_SQL.NATIVE);
  -- Execute the cursor
  d := DBMS_SQL.EXECUTE(c);
  --
  -- Describe the columns that are returned by the SQL statement
  DBMS_SQL.DESCRIBE_COLUMNS(c, col_cnt, rec_tab);
  --
  -- Bind local return variables to the different columns according to their types
  FOR j IN 1..col_cnt
  LOOP
    CASE rec_tab(j).col_type
      WHEN 1 THEN DBMS_SQL.DEFINE_COLUMN(c, j, v_v_val, 2000); -- Varchar2
      WHEN 2 THEN DBMS_SQL.DEFINE_COLUMN(c, j, v_n_val); -- Number
      WHEN 12 THEN DBMS_SQL.DEFINE_COLUMN(c, j, v_d_val); -- Date
    ELSE
      DBMS_SQL.DEFINE_COLUMN(c, j, v_v_val, 2000); -- Any other type is returned as varchar2
    END CASE;
  END LOOP;
  -- This part outputs the DATA
  LOOP
    -- Fetch a row of data through the cursor
    v_ret := DBMS_SQL.FETCH_ROWS(c);
    -- Exit when there are no more rows
    EXIT WHEN v_ret = 0;
    v_rowcount := v_rowcount + 1;
    -- Extract the value of each column of the row
    FOR j IN 1..col_cnt
    LOOP
      -- Fetch each column into the correct data type according to the description of the column
      CASE rec_tab(j).col_type
        WHEN 1 THEN DBMS_SQL.COLUMN_VALUE(c, j, v_v_val);
          v_csv := v_csv || ',' || v_v_val;
        WHEN 2 THEN DBMS_SQL.COLUMN_VALUE(c, j, v_n_val);
          v_csv := v_csv || ',' || v_n_val;
        WHEN 12 THEN DBMS_SQL.COLUMN_VALUE(c, j, v_d_val);
          v_csv := v_csv || ',' || TO_CHAR(v_d_val, 'DD/MM/YYYY HH24:MI:SS');
      ELSE
        DBMS_SQL.COLUMN_VALUE(c, j, v_v_val);
        DBMS_OUTPUT.PUT_LINE(v_v_val);
      END CASE;
    END LOOP;
    DBMS_OUTPUT.PUT_LINE(SUBSTR(v_csv, 2));
    v_csv := '';
  END LOOP;
  DBMS_SQL.CLOSE_CURSOR(c);
END;
/
It lets you feed in an arbitrary query and returns the data set comma-separated. For example:
SQL> exec run_query('select * from scott.emp where deptno = 10');
7782, CLARK, MANAGER, 7839, 1981/09/06 00:00:00, 2450, 10
7839, KING, PRESIDENT, 17/11/1981-00:00:00, 5000, 10
7934, MILLER, CLERK, 7782, 1982/01/23 00:00:00, 1300, 10
PL/SQL procedure successfully completed.
SQL> exec run_query('select * from (select * from scott.emp where deptno = 10 order by sal desc) where rownum < 5');
7839, KING, PRESIDENT, 17/11/1981-00:00:00, 5000, 10
7782, CLARK, MANAGER, 7839, 1981/09/06 00:00:00, 2450, 10
7934, MILLER, CLERK, 7782, 1982/01/23 00:00:00, 1300, 10
(I'm not saying that it is good practice: on the contrary. But it is a requirement, and I need to know how to cope with it, not argue with it.)
My question is: the code works as long as the query does not include single quotes. As soon as it does, it dies:
SQL> exec run_query('select 'Example', sal scott.emp where deptno = 10');
BEGIN run_query('select 'Example', sal scott.emp where deptno = 10'); END;
*
ERROR at line 1:
ORA-06550: line 1, column 26:
PLS-00103: Encountered the symbol "EXAMPLE" when expecting one of the following:
), * & = - + <>/ is mod remains not rem = >
< an exponent (*) > <>or! = or ~ = > = < = <>and like2 or
like4 likec in reports between use. Member of type multiset
submultiset
The symbol "," was inserted before "EXAMPLE" to continue.
I could of course escape the "internal" single quotation marks, but the goal is for end users to feed in their queries without having to rewrite them with fiddly escape sequences!
So the question is: is there a way I can allow users to feed their SQL into the procedure without having to worry about the single quotes that might be in the middle of it?
Again, I realize there is a risk of SQL injection... but I would like help with the practicalities of the quotes, not with managing a risk of which I am aware (and am dealing with outside the procedural code that I showed here).
In other words, even if you think it's the worst idea in the world, I still want to know how I could feed 'select 'Example', sal scott.emp where deptno = 10' to the procedure so that it is handled correctly.
Is there a character that you can be reasonably confident does not appear in the SQL statement? If so, you can probably use the q quoting syntax. For example
SELECT q'{select 'a', 'b', 'c' from dual}' FROM dual
which can be applied to the procedure call as well
SQL> exec run_query( q'{select 'a', 'b', 'c' from dual}' );
a
b
c
PL/SQL procedure successfully completed.
If you can be reasonably sure that there is no { or } character (or one of a number of other pairs), you can just wrap the SQL statement in that. Of course, this assumes that there is some bit of application code between the user and the procedure call that can add the { and }. If that is the case, you could also just double any apostrophes that you encounter.
Justin
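Justin's answer depends on the chosen q-quote delimiter never colliding with the user's text. As an added example (not code from the thread; Python is assumed for the application layer between the user and the procedure call, and all function names are hypothetical), this picks a delimiter that cannot end the literal early, falls back to doubling apostrophes, and emulates the literal scan to show what a fixed { } wrapper does to text containing }'.

```python
# Added example (not from the thread): quote user-supplied SQL as an Oracle
# text literal for a generated "BEGIN run_query(...); END;" call.
PAIRS = {"{": "}", "[": "]", "<": ">", "(": ")"}   # paired q-quote delimiters
CANDIDATES = "{[<(!#~^|"                            # assumed preference order


def q_quote(text):
    """Return text as a q'...' literal, or None if every candidate collides.

    A q-quoted literal ends at the first closing delimiter that is immediately
    followed by a single quote, so that two-character sequence must not occur
    inside the text itself.
    """
    for opener in CANDIDATES:
        closer = PAIRS.get(opener, opener)
        if closer + "'" not in text:
            return "q'" + opener + text + closer + "'"
    return None


def double_apostrophes(text):
    """Classic literal: every apostrophe in the text is written twice."""
    return "'" + text.replace("'", "''") + "'"


def as_literal(text):
    """Prefer q-quoting; fall back to doubling when no delimiter is safe."""
    return q_quote(text) or double_apostrophes(text)


def build_call(user_sql):
    return "BEGIN run_query(" + as_literal(user_sql) + "); END;"


def scan_literal(src):
    """Emulate where a literal at the start of src ends: (value, rest)."""
    if src[:2].lower() == "q'":
        closer = PAIRS.get(src[2], src[2])
        end = src.index(closer + "'", 3)
        return src[3:end], src[end + 2:]
    out, i = [], 1
    while True:
        if src[i] == "'" and src[i + 1:i + 2] == "'":
            out.append("'")        # doubled apostrophe is one literal character
            i += 2
        elif src[i] == "'":
            return "".join(out), src[i + 1:]
        else:
            out.append(src[i])
            i += 1


if __name__ == "__main__":
    tricky = "select '{x}' from dual"           # constructed: contains }'
    print(scan_literal("q'{" + tricky + "}'"))  # fixed {} wrapper: cut short
    print(build_call(tricky))                   # picks [ ] instead
```

Where the client driver supports bind variables, passing the statement to run_query as a bind value avoids literal quoting altogether.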
Tags: Database
Similar Questions
-
Can you pass objects (no strings) to application.onConnect ()?
Documentation on the parameters for application.onConnect() is below. It can take a client 'object' but is ambiguous about the optional parameters (strings vs. objects). I'm guessing strings only?
I have a user value object with a few pieces of info in it that I pass around on the client side, and I would like the server to add it to its list of users (usersSO). I guess I'll have to send it up in pieces and then re-create it somehow on the server?
Parameters
- clientObj
- A Client object. This object contains information about the client that connects to the application.
- p1 ..., pN
- Optional parameters passed to the application.onConnect() handler from the client-side NetConnection.connect()
Yes... you think actionscript 1 when you pass arguments to FMS for treatment. No class, no specimen.
There was noises on AS3 support in a future version of FMS, but I think that at this stage it's just that... noise.
-
can you pass between the United States and Canada app store
Hi... my Bank has an application to the United States that is not available to the Canada. How can I use my Canadian apple ID to switch stores?
Yes and no but mostly not.
The iTunes Store in a country is intended for use only by residents of this country and only while they are in the country. To use the iTunes Store in a country, you must use a credit card (or other type of card so acceptable in a country) published in this country, charged to an address in this country and also be physically present in this country when you use the store. You are also limited to 90 days between countries pending changes.
For example, "the iTunes Service is available only in the United States, its territories and possessions. You agree not to use or attempt to use the Service from iTunes outside these locations. Apple may use technologies to verify your respect. "- http://www.apple.com/legal/itunes/us/terms.html#SERVICE
-
I speak not of Essentials Plus vMotion between hosts or migration of VMS between hosts and data warehouses online. Just curious to know if its possible to off a virtual machine and click the button to migrate to another store of data with the basic Essentials bundle.
Welcome to the community - Yes you can - it's what we call a cold migration.
-
Can I use the SQL function while setting of passage in the links?
4.2.1
Hello
I have a report that has a hyperlink (using the standard APEX column link feature) to another page. One of the parameters (columns) I pass is a varchar column with & values. Now, there is a restriction on passing & in APEX 4.2.1. I was wondering if we can use something like a replace(#COLUMN1#,'&','-') in the link settings?
Unfortunately, the column does not have an equivalent id that can be used.
All of the suggestions.
Thank you
Ryan
ryansun wrote:
4.2.1
Hello
I have a report that has a hyperlink (using the standard APEX column link feature) to another page. One of the parameters (columns) I pass is a varchar column with & values. Now, there is a restriction on passing & in APEX 4.2.1. I was wondering if we can use something like a replace(#COLUMN1#,'&','-') in the link settings?
Unfortunately, the column does not have an equivalent id that can be used.
All of the suggestions.
Thank you
Ryan
You can create another field in your query that contains the "prepared" value - you set this to be a hidden column in the report definition and use it in the URL.
-
A click can be passed to multiple functions?
If I have about five parms in a click event of a button, a wish to move from three to two to another function, and a function is it possible?
Thank you.
Yes, all five are required, but your managers do not have to use them all.
-
Envy 17 t: can you pass the Envy 17 laptop Win 7 t to an SSD?
I have contacted at least three chat agents, agent of a tech support and a sales agent. I received conflicting answers each. Sales agent suggested I buy the computer laptop and if I couldn't it going to an SSD I could return it free of charge. Sounds a bit risky. I asked a tech for this upgrade document and the agent says none exists and to call tech support for help.
Does anyone have the correct answer and HP material for this procedure?
Thank you
You are the very welcome.
-
Can you pass url parameter to SampleVideoPlayer_FP?
I would like to send the name of the file for the sample player f4v, so it loads immediately.
Is there a way to do this?
Thank you very much
KeV
Hello
The missing models are all DRM related classes, which means that you do not have the playerglobal.swc (for Flash Player) and airglobal.swc (for AIR) successfully imported. I'll create a separate forum thread detailing this information for the community.
[How to deal with 'missing type' error messages for DRMContentData DRMVoucher, DRMStatusEvent, etc...]
1. Locate your airglobal.swc on your Flash Access DVD at:
\Reference Implementation\Sample video Players\AIR\airglobal.swc\
2. Locate your playerglobal.swc on your Flash Access DVD at:
\Reference Implementation\Sample Players\ video
3. Copy airglobal.swc to your Flex SDK directory (for example C:\Program Files\Adobe\Flex Builder 3\sdks\3.2.0\frameworks\libs\air\)
4. Copy playerglobal.swc to the Flash Player 10 location in your Flex SDK directory (for example C:\Program Files\Adobe\Flex Builder 3\sdks\3.2.0\frameworks\libs\player\10)
see you soon,
/ Eric.
-
The use of tags is the best way to know which emails I have completed action on. Now when I select an email, it appears in black instead of the selected color of the tag that I assigned. It's very confusing. I make sure that I don't have the selected e-mail to make sure that I have tagged it. This is not good. It takes additional measures and I find myself double checking of things all the time. It's a lot of time. I love Thunderbird, but this feature on the most recent update has to go. Please change back.
something nonstandard here.
The text of the selected item must be the opposite of not selected, so if the normal text is black, labeled selected item should be white.selected text see the image as an attachment.
-
Can you pass a license mobile phone to laptop?
I bought a new laptop. I am being tested, don't know if I'll keep. I buy a new items 10. I intend to install it on this new laptop. What happens if I decide to return this laptop to the store, I have all my software will uninstall eventually. Will I always have 2 licenses left?
Yes, just be sure to go to the Publisher > help > deactivate before uninstalling.
-
Can the formula column value be passed to a procedure/function?
Cf_value is returned after some calculation using the main query.
Can the formula column value be passed directly to the procedure without being assigned to a placeholder?
as below...
f_convert(:cf_value,new_value);
---------------------------------------------------------------
My procedure is...
PROCEDURE f_convert (val1 in number, val2 out number) IS
BEGIN
  val2 := val1 * 100;
END;
If anyone knows, please answer me... In fact, there are other calculations there (in the procedure).
Can I use it like below?
---
PROCEDURE f_convert (val1 in number, val2 out number) IS
BEGIN
  val2 := val1 * 100;
  return (val2);
END;
----
A procedure cannot return a value; the return clause in my previous post was part of the function for the formula column.
Let's say you have a formula column called CF_2; then the function for it will be like:
function cf_2formula return number is
  val1 number;
  val2 number;
begin
  val2 := :cf_1 * 100; -- or val2 := val1 * 100
  -- parameters not allowed in formula column function
  -- All the other code that you need, inclusive of calling function, procedure as in any PL/SQL block, can be placed
  return (val2);
end;
Any calculation can be used in the formula column function.
-
Pass a list of values to a pl/sql function
I would like to pass a list of values to a pl/sql function where the list will be used in an IN clause. Ideally, I would like to do the following:
CREATE or REPLACE FUNCTION process_list (dept_list in varchar2)
BEGIN
Select... where dept in (dept_list);
use: process_list ('7730,7735,7740,7745');
I can't find an example of doing this in PL/SQL, but it seems feasible.
Is there a way to do this?
user12088323 wrote:
I would like to pass a list of values to a pl/sql function where the list will be used in an IN clause.
use: process_list ('7730,7735,7740,7745');
The first thing is that you need an appropriate data type for storing a list of numbers. A single value that looks to you like a list of numbers is not actually a list of numbers but a single character value.
This example uses the built-in odcinumberlist data type in a procedure; you can do the same in a function:
Re: Pass an array to an Oracle stored procedure
If you have an older version of the database, you may need to create your own type with the same definition as odcinumberlist.
-
A query can be passed to the user-defined function?
Hello
I created a function that takes one parameter and returns a value. Now the value that is passed into the function also comes from a query, so can I pass that query directly in the parameter?
I tried this but it gives an error: ORA-00936: missing expression.
select ID from table1 where areaid=f_getAreaID(SELECT sec FROM table2 WHERE artid='3232') and type='p002'
Above code is in error. How do I achieve my requirement?
Note: Assume that the query passed to the function will always return a single value.
Published by: bootstrap on August 28, 2011 12:13
Subquery must be enclosed in parentheses. Function parameters must be placed in brackets. Therefore, you should use
select ID from table1 where areaid=f_getAreaID((SELECT sec FROM table2 WHERE artid='3232')) and type='p002'
Remember, it must be a scalar subquery (a subquery that returns one row or none).
SY.
-
Can you explain why the "analytical" Word is used in Sql
I found to define the "analytic function" phrase is such: "a piece of syntax that is originating excessive."
I don't understand why it's called "analytic". In English 'analytical' comes from the word "to analyse", which means the examination of something. So it looks like an "analytic function" should review/analyze something? But all functions examine/analyze something. If I group by article in my query, then all aggregate functions will conduct a review of the data, so why not call them 'analytic(al)' too? Can you explain why the word "analytical" is used in the SQL world?
CharlesRoos wrote:
I found to define the "analytic function" phrase is such: "a piece of syntax that is originating excessive."
I don't understand why it's called "analytic". In English 'analytical' comes from the word "to analyse", which means the examination of something. So it looks like an "analytic function" should review/analyze something? But all functions examine/analyze something. If I group by article in my query, then all aggregate functions will conduct a review of the data, so why not call them 'analytic(al)' too? Can you explain why the word "analytical" is used in the SQL world?
Aggregate functions bring together data, that is, to sum or count etc. once it is grouped together. It is not just review, but grouping.
Analytical functions review / analyze the other rows of data, without having to group them in the result: they can summarize a set of values of a particular group (partition) of the data, or they can simply retrieve values from other rows (for example the lead, lag, first_value, last_value etc. functions). They are able to look through the data without any aggregation of it. That is why they are analytical.
-
Pass a value from a PL/SQL function to a javascript (html header)?
Hey guys,
I have a question on how to pass a value from a PL/SQL function to a JavaScript function in the HTML header.
I created a PL/SQL function in my database, which runs a loop.
The reason is: on my APEX page, when the user selects a code, it should display (or highlight the buttons for) the different project ids present for that particular code.
example = code 1
project ids = 5, 6, 7
code 2
project ids = 7, 8
Thank you for your help or suggestions
Jesh
The PL/SQL function:
CREATE OR REPLACE FUNCTION Contact_details (ACT_CODE1 IN NUMBER) RETURN VARCHAR2 IS
  Project_codes varchar2(10);
  CURSOR contact_cur IS
    SELECT ACT_CODE, PROJECT
    FROM ACTASQ.ASQ_CONTACT where ACT_CODE = ACT_CODE1;
  currec contact_cur%rowtype;
/******************************************************************************
NAME: contact_details
PURPOSE:
REVISIONS:
Ver Date Author Description
--------- ---------- --------------- ------------------------------------
1.0 06/25/2009 1. Created this function.
******************************************************************************/
BEGIN
  FOR currec in contact_cur LOOP
    dbms_output.put_line(currec.PROJECT || '|');
    Project_codes := currec.PROJECT || '|' || Project_codes;
  END LOOP;
  RETURN Project_codes;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    NULL;
  WHEN OTHERS THEN
    -- Consider logging the error and then re-raise
    RAISE;
END contact_details;
/