I am using MySQL -actually MariaDB from PHPMyAdmin- and trying to write an insert inside a stored procedure and for obvious (security) reasons it is not allowed.
I tried to change the permissions using the GRANT EXECUTE ON PROCEDURE statement.
GRANT EXECUTE ON PROCEDURE test.putDataInFull TO 'root'#'localhost'
I have really hit a wall here, any ideas?
edit:
DELIMITER //
CREATE PROCEDURE putDataInFull (IN matchid INT(11))
BEGIN
DECLARE koula int(11);
DECLARE c varchar(255);
SET #koula = matchid;
SET #c := concat('insert into log (match_id, comment) values (?,\'inPUtDataWeTrtust\');');
DECLARE EXIT HANDLER FOR SQLEXCEPTION
BEGIN
SELECT CONCAT(#c, ' is not valid');
END;
PREPARE stmt FROM #c;
EXECUTE stmt USING #koula;
DEALLOCATE PREPARE stmt;
END //
DELIMITER ;
p.s. this is not a production project, just fun, so I really do not care about security.
You can create an insert with your variables. It is not necessary to create a magic string. Here you get an other example of an other stackoverflow question:
DELIMITER $$
CREATE PROCEDURE ADD_WITHDRAWAL_A(IN withdrawalcode_p VARCHAR(25), IN id_p VARCHAR(8), IN amount_p VARCHAR(12), IN datewithdrawn_p VARCHAR(35), IN approved_p VARCHAR(8))
BEGIN
START TRANSACTION;
INSERT INTO Withdrawals(WithdrawalCode, IDD, Amount, DateWithdrawn, Approved)
VALUES (withdrawalcode_p, id_p, amount_p, datewithdrawn_p, approved_p);
UPDATE account SET AccountBalance = AccountBalance - amount_p WHERE IDD = id_p LIMIT 1;
COMMIT;
END $$
DELIMITER ;
Related
I need to update special column in every table that which name start with :-
`REPORT_<"DATE PATERN">`
How actually I can do it?.
upd:
I've tried to write stored procedure, but I'm not familiar with it, so it does not work:
DELIMITER $$
DROP PROCEDURE IF EXISTS `debug_msg`$$
CREATE PROCEDURE debug_msg(enabled INTEGER, msg VARCHAR(255))
BEGIN
IF enabled THEN BEGIN
select concat("** ", msg) AS '** DEBUG:';
END; END IF;
END $$
DELIMITER $$
DROP PROCEDURE IF EXISTS changeColumnType;
CREATE PROCEDURE changeColumnType ()
BEGIN
DECLARE v_finished INTEGER DEFAULT 0;
DECLARE tableName varchar(100);
DEClARE table_cursor CURSOR FOR
SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_NAME LIKE '%REPORT_%';
DECLARE CONTINUE HANDLER
FOR NOT FOUND SET v_finished = 1;
OPEN table_cursor;
get_tableName: LOOP
FETCH table_cursor INTO tableName;
IF v_finished = 1 THEN
LEAVE get_tableName;
END IF;
call debug_msg(1, tableName);
ALTER TABLE tableName MODIFY COLUMN TIME VARCHAR(8);
END LOOP get_tableName;
CLOSE table_cursor;
END$$
DELIMITER ;
I have the following error:
ERROR 1146 (42S02): Table 'test.tablename' doesn't exist.
I fails on this step ALTER TABLE tableName MODIFY COLUMN TIME VARCHAR(8);
Resolved it by adding prepared statement
SET #table = tableName;
SET #s1 = CONCAT('ALTER TABLE ', #table, ' MODIFY COLUMN TIME VARCHAR(8);');
PREPARE stmt FROM #s1;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
I am trying to do the following and I am wondering if that is possible in MySQL:
CREATE PROCEDURE `sp_test`(
ulon int(4),
usrname varchar(20),
usrst varchar(20),
usrdt varchar(10)
)
BEGIN
DECLARE bid int(11);
START TRANSACTION;
SELECT t_bid INTO bid FROM generalb WHERE dt=usrdt;
INSERT
INTO
rslt
(
rbid,
rusrname,
rusrst,
usrdt
)
VALUES
(
bid,
usrname,
usrst,
usrdt
);
call sp_nextproc_13(bid, ulon);
COMMIT;
END;
Look at this line:
call sp_nextproc_13(bid, ulon);
How could I achieve something like this:
call sp_nextproc_#bid(bid, ulon);
I need to be able to call a procedure dynamically as I do not know the name of the procedure until I get the bid. If anyone knows the answer, thanks so much
LATEST UPDATE:
I have made the following changes:
CREATE PROCEDURE `sp_test`(
ulon int(4),
usrname varchar(20),
usrst varchar(20),
usrdt varchar(10)
)
BEGIN
DECLARE bid int(11);
START TRANSACTION;
SELECT t_bid INTO bid FROM generalb WHERE dt=usrdt;
INSERT
INTO
rslt
(
rbid,
rusrname,
rusrst,
usrdt
)
VALUES
(
bid,
usrname,
usrst,
usrdt
);
SET #sql=concat('call sp_nextproc_',bid,'(?,?)');
PREPARE stmt FROM #sql;
SET #var1=bid;
SET #var2=ulon;
EXECUTE stmt USING #var1, #var2;
COMMIT;
END;
IF I hardcode some values, it works. However if I don't, it doesn't. Please see below:
If I call:
CALL sp_test(2, 'John','test','AAAA');
ERROR here:
SELECT t_bid INTO bid FROM generalb WHERE dt=usrdt;
Column t_bid cannot be null
If I hardcode the value like this:
SELECT t_bid INTO bid FROM generalb WHERE dt='AAAA';
The error disappears.
The second error is at the following line:
SET #var1=bid;
SET #var2=ulon;
EXECUTE stmt USING #var1, #var2;
ERROR missing value #var1 and #var2.
If I hardcode var1 and var2, it works:
SET #var1=13;
SET #var2=2;
EXECUTE stmt USING #var1, #var2;
I tried using # and without it on the variables but that didn't work. What I am doing wrong? :(
delimiter $$
create procedure sp_test
(
ulon int(4)
)
BEGIN
DECLARE bid int(11);
set bid=8888;
...
...
...
...
set #sql=concat('call sp_nextproc_',bid,'(?,?)');
prepare stmt from #sql;
set #var1=bid;
set #var2=ulon;
EXECUTE stmt using #var1,#var2;
END
$$
-- ------------
delimiter $$
CREATE PROCEDURE `sp_nextproc_8888`(
IN bid int(11),
IN ulon int(4)
)
BEGIN
select bid,ulon;
END
$$
-- test with these:
-- call sp_test(9999);
-- call sp_nextproc_8888(111,222);
I've got a problem with my MYSQL script. When i try to execute it, MYSQL Workbench send me info that ive got problem with syntax near "int" . Any ideas?
DROP TABLE IF EXISTS Sprzedaz;
DROP PROCEDURE IF EXISTS odwrocenie;
CREATE TABLE IF NOT EXISTS Sprzedaz
(Towar VARCHAR(30), Miesiac VARCHAR(20), Wartosc INT);
INSERT INTO Sprzedaz VALUES('Buty', 'styczen', 230);
INSERT INTO Sprzedaz VALUES('Buty', 'styczen', 100);
INSERT INTO Sprzedaz VALUES('Koszula', 'styczen', 50);
INSERT INTO Sprzedaz VALUES('Koszula', 'luty', 80);
INSERT INTO Sprzedaz VALUES('Krawat', 'marzec', 190);
DELIMITER //
CREATE PROCEDURE odwrocenie()
BEGIN
DECLARE done INT DEFAULT FALSE;
DECLARE miesiac_var VARCHAR(20);
DECLARE miesiac_kursor CURSOR FOR SELECT Miesiac FROM Sprzedaz GROUP BY Miesiac;
DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = TRUE;
OPEN miesiac_kursor;
read_loop: LOOP
FETCH miesiac_kursor INTO miesiac_var;
IF done THEN
LEAVE read_loop;
END IF;
PREPARE sql_query FROM 'ALTER TABLE Sprzedaz ADD COLUMN ? INT';
EXECUTE sql_query USING #miesiac_var;
END LOOP;
CLOSE miesiac_kursor;
DEALLOCATE PREPARE sql_query;
END
//
DELIMITER ;
CALL odwrocenie();
I've created a stored procedure:
DELIMITER $$
DROP PROCEDURE IF EXISTS `zero`.`sp_for_insert_into_account_db`$$
CREATE PROCEDURE `zero`.`sp_for_insert_into_account_db` (usr_key char(6),usr_name varchar(15),usr_password varchar(15),OUT output_message INT)
BEGIN
DECLARE no_of_row INT;
SELECT COUNT(*) INTO no_of_row from account_db;
IF no_of_row < 4 THEN
SET #s = CONCAT('insert into account_db (USR_KEY,USR_NAME,USR_PWD) VALUES (',usr_key,usr_name,usr_password,')');
PREPARE stmt FROM #s;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
SET output_message=1;
ELSE
SET output_message=0;
END IF;
END$$
DELIMITER ;
I'm calling it with query
call sp_for_insert_into_account_db('a','b','c',#output_ message);
The error is like:
Column count does not match value...
I'm passing 4 arguments...
Why is this error occurring?
I've already checked with this syntax (by default parameter is IN type)
sp_for_insert_into_account_db(IN usr_key char(6),
IN usr_name varchar(15),
IN usr_password varchar(15),
OUT output_message INT)
Problem is also here:
SET #s = CONCAT('insert into account_db (USR_KEY,USR_NAME,USR_PWD) VALUES (',usr_key,usr_name,usr_password,')');
You are trying to insert 3 values and the concatenation returns 1
use this instead:
SET #s = CONCAT('insert into account_db (USR_KEY,USR_NAME,USR_PWD) VALUES (\'',usr_key,'\',\'',usr_name,'\',\'',usr_password,'\')');
Not entirely sure why you're using prepared statements/dynamic sql when you dont need to ?? See the following example which i've cleaned up for you a little:
drop procedure if exists sp_for_insert_into_account_db;
delimiter #
create procedure sp_for_insert_into_account_db
(
in p_usr_key char(6),
in p_usr_name varchar(15),
in p_usr_pwd varchar(15),
out p_output_message tinyint unsigned
)
begin
declare v_no_of_row int unsigned default 0;
set p_output_message=0;
select count(*) into v_no_of_row from account_db;
if v_no_of_row < 4 then
insert into account_db(usr_key, usr_name, usr_pwd) values (p_usr_key, p_usr_name, p_usr_pwd);
set p_output_message = 1;
end if;
end#
delimiter ;
call sp_for_insert_into_account_db (...);
EDIT
are you a COBOL PROGRAMMER FROM THE 1970'S AND IS THAT WHY YOU HAVE TO USE CAPS ?
I need to use a variable to indicate what database to query in the declaration of a cursor. Here is a short snippet of the code :
CREATE PROCEDURE `update_cdrs_lnp_data`(IN dbName VARCHAR(25), OUT returnCode SMALLINT)
cdr_records:BEGIN
DECLARE cdr_record_cursor CURSOR FOR
SELECT cdrs_id, called, calling FROM dbName.cdrs WHERE lrn_checked = 'N';
# Setup logging
DECLARE EXIT HANDLER FOR SQLEXCEPTION
BEGIN
#call log_debug('Got exception in update_cdrs_lnp_data');
SET returnCode = -1;
END;
As you can see, I'm TRYING to use the variable dbName to indicate in which database the query should occur within. However, MySQL will NOT allow that. I also tried things such as :
CREATE PROCEDURE `update_cdrs_lnp_data`(IN dbName VARCHAR(25), OUT returnCode SMALLINT)
cdr_records:BEGIN
DECLARE cdr_record_cursor CURSOR FOR
SET #query = CONCAT("SELECT cdrs_id, called, calling FROM " ,dbName, ".cdrs WHERE lrn_checked = 'N' ");
PREPARE STMT FROM #query;
EXECUTE STMT;
# Setup logging
DECLARE EXIT HANDLER FOR SQLEXCEPTION
BEGIN
#call log_debug('Got exception in update_cdrs_lnp_data');
SET returnCode = -1;
END;
Of course this doesn't work either as MySQL only allows a standard SQL statement in the cursor declaration.
Can anyone think of a way to use the same stored procedure in multiple databases by passing in the name of the db that should be affected?
The answer of Vijay Jadhav is the right way to solve this limitation by MySQL. Actually, you need 3 proc to accomplish it:
proc1 using Vijay Jadhav's way, works like a data collector. You need to pass the variables to proc1 and let it create the tmp table for proc2. There is one limiation of Vijay's way, he should create a TEMPORARY table by using "CREATE TEMPORARY TABLE tmp_table_name SELECT ...". Because temporary table is thread safe.
proc2 declare the cursor on the tmp table which is created by proc1. Since the tmp table is already known and hard coded into the declaration, no more "table not found" error.
proc3 works like a "main" function, with all the parameters need to be sent to proc1 and proc2. proc3 simply calls proc1 first and then proc2 with the parameters need by each proc.
p.s Need to set system variable "sql_notes" to 0, otherwise proc1 will stop on DROP TABLE command.
Here is my example:
CREATE PROCEDURE `proc1`(SourceDBName CHAR(50), SourceTableName CHAR(50))
BEGIN
DECLARE SQLStmt TEXT;
SET #SQLStmt = CONCAT('DROP TEMPORARY TABLE IF EXISTS tmp_table_name');
PREPARE Stmt FROM #SQLStmt;
EXECUTE Stmt;
DEALLOCATE PREPARE Stmt;
SET #SQLStmt = CONCAT('CREATE TEMPORARY TABLE tmp_table_name SELECT ... FROM ',SourceDBName,'.',SourceTableName,' WHERE ... ');
PREPARE Stmt FROM #SQLStmt;
EXECUTE Stmt;
DEALLOCATE PREPARE Stmt;
END$$
CREATE PROCEDURE `proc2`(TargetDBName CHAR(50), TargetTemplateTableName CHAR(50))
BEGIN
DECLARE done INT DEFAULT 0;
DECLARE FieldValue CHAR(50);
DECLARE CursorSegment CURSOR FOR SELECT ... FROM tmp_table_name;
DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1;
OPEN CursorSegment;
REPEAT
FETCH CursorSegment INTO FieldValue;
IF NOT done THEN
...
END IF;
UNTIL done END REPEAT;
CLOSE CursorSegment;
END$$
CREATE PROCEDURE `proc3`(SourceDBName CHAR(50), SourceTableName CHAR(50), TargetDBName CHAR(50), TargetTemplateTableName CHAR(50))
BEGIN
CALL proc1(SourceDBName, SourceTableName);
CALL proc2(TargetDBName, TargetTemplateTableName);
END$$
No, you can't do that in cursors.
Maybe just prepared statements may do the job? :
delimiter ;;
create procedure test(in dbName varchar(40))
begin
set #query := CONCAT("SELECT * FROM " , dbName, ".db;");
PREPARE s from #query;
EXECUTE s;
DEALLOCATE PREPARE s;
end;;
delimiter ;
call test("mysql");
Try to create (temporary) table using prepared statement in a different procedure.
SET #query = CONCAT("CREATE TABLE temp_table AS SELECT cdrs_id, called, calling FROM " ,dbName, ".cdrs WHERE lrn_checked = 'N' ");
...
And then select data from that table in your 'test' procedure.
The answer to this is that it cannot be done. You cannot use variables in the cursor declaration. I appreciate noonex's response. However, his solution does not allow me to walk through the results. It simply executes the query.
create procedure test(in dbName varchar(40))
READS SQL DATA <- this line returns will allow you to walk through the results
begin
...
$result = call test("mysql");