mysql (sehr) dynamisch vorbereitete Anweisung

Question

Gibt es eine Möglichkeit, etwas ähnliches wie dieses Beispiel zum Arbeiten in mysql zu machen?

SET @my_columns = "(col_1 , col_2 , col_n)"; 
SET @my_values = "(val_1 , val_2 , val_n)"; 

SET @vs_query = "INSERT INTO my_table ? VALUES ? "; 

PREPARE stmt FROM @vs_query; 
EXECUTE stmt USING @my_columns , @my_values; 
DEALLOCATE PREPARE stmt; 

Answer 1

Sie können sehr dynamische Abfragen in mysql erstellen.

Ein Beispiel für Ihre Frage - jetzt mit zusätzlichen SQL-Injection-Schutz!

DELIMITER ;; 

DROP PROCEDURE IF EXISTS insert_into_table_columns_values ;; 

CREATE DEFINER=`root`@`localhost` PROCEDURE insert_into_table_columns_values(IN tableName_ text, IN columns_ text, IN values_ text) 
BEGIN 

    DECLARE tableText text ; 
    DECLARE columnText text ; 
    DECLARE valuesText text ; 

    set @tableText = tableName_ ; 
    set @columnsText = columns_ ; 
    set @valuesText = values_ ; 

    SELECT LOCATE('select', @tableText) into @tableTextSelect ; 
    SELECT LOCATE('delete', @tableText) into @tableTextDelete ; 
    SELECT LOCATE('truncate', @tableText) into @tableTextTruncate ; 
    SELECT LOCATE('drop', @tableText) into @tableTextDrop ; 

    SELECT LOCATE('select', @columnsText) into @columnsTextSelect ; 
    SELECT LOCATE('delete', @columnsText) into @columnsTextDelete ; 
    SELECT LOCATE('truncate', @columnsText) into @columnsTextTruncate ; 
    SELECT LOCATE('drop', @columnsText) into @columnsTextTextDrop ; 

    SELECT LOCATE('select', @valuesText) into @valuesTextSelect ; 
    SELECT LOCATE('delete', @valuesText) into @valuesTextDelete ; 
    SELECT LOCATE('truncate', @valuesText) into @valuesTextTruncate ; 
    SELECT LOCATE('drop', @valuesText) into @valuesTextTextDrop ; 

    if @tableTextSelect 
     + @tableTextDelete 
     + @tableTextTruncate 
     + @tableTextDrop 

     + @columnsTextSelect 
     + @columnsTextDelete 
     + @columnsTextTruncate 
     + @columnsTextTextDrop 

     + @valuesTextSelect 
     + @valuesTextDelete 
     + @valuesTextTruncate 
     + @valuesTextTextDrop 

     = 0 then 

     set @insertSQL = concat('insert into ', @tableText, @columnsText , ' values ', @valuesText , ' ; ') ; 

     PREPARE insertStatement FROM @insertSQL; 
     EXECUTE insertStatement ; 
     DEALLOCATE PREPARE insertStatement; 

    else 

     select 'invalid parameter(s)' error 
     , @tableText table_ 
     , @columnsText columns_ 
     , @valuesText values_ 

     , @tableTextSelect 
     , @tableTextDelete 
     , @tableTextTruncate 
     , @tableTextDrop 

     , @columnsTextSelect 
     , @columnsTextDelete 
     , @columnsTextTruncate 
     , @columnsTextTextDrop 

     , @valuesTextSelect 
     , @valuesTextDelete 
     , @valuesTextTruncate 
     , @valuesTextTextDrop ; 

    end if ; 



END;; 
DELIMITER ; 

-- example 
call insert_into_table_columns_values('truncate employees', '(hire_date)', "('2017-06-12')") ; 

-- results as json 
{ 
    "data": 
    [ 
     { 
      "error": "invalid parameter(s)", 
      "table_": "truncate employees", 
      "columns_": "(hire_date)", 
      "values_": "('2017-06-12')", 
      "@tableTextSelect": 0, 
      "@tableTextDelete": 0, 
      "@tableTextTruncate": 1, 
      "@tableTextDrop": 0, 
      "@columnsTextSelect": 0, 
      "@columnsTextDelete": 0, 
      "@columnsTextTruncate": 0, 
      "@columnsTextTextDrop": 0, 
      "@valuesTextSelect": 0, 
      "@valuesTextDelete": 0, 
      "@valuesTextTruncate": 0, 
      "@valuesTextTextDrop": 0 
     } 
    ] 
} 

Getestet auf MySQL.