MySQL Stored Procedure In Query - mysql

I want to make a MySQL Stored Procedure
DELIMITER $$
DROP PROCEDURE IF EXISTS `SECTOR_INDUSTRY_SP` $$
CREATE PROCEDURE `SECTOR_INDUSTRY_SP`(IN RINSERIES TEXT, IN COMMUNITYIDS TEXT)
READS SQL DATA
BEGIN
SELECT *
from PROFESSIONAL_IDENTITY_MERGED p , std_company_detail s
where (p.pim_company_id = s.cid) AND p.pim_community_id IN ('+'+COMMUNITYIDS+'+')
AND p.pim_rin IN ('+'+RINSERIES+'+');
END $$
DELIMITER ;
As you can see I have two arguments to call this procedure RINSERIES which would be text format like '12312,1234,1239' similarly COMMUNITYIDS is like '2,5,8' but When I would pass, it is interpreting like
SELECT *
from PROFESSIONAL_IDENTITY_MERGED p , std_company_detail s
where (p.pim_company_id = s.cid) AND p.pim_community_id IN ('12312,1234,1239')
AND p.pim_rin IN ('2,5,8');
But I want this query to look like following
SELECT *
from PROFESSIONAL_IDENTITY_MERGED p , std_company_detail s
where (p.pim_company_id = s.cid) AND p.pim_community_id IN (12312,1234,1239)
AND p.pim_rin IN (2,5,8);
How can I do this? Thanks!


Try this:
DELIMITER $$
DROP PROCEDURE IF EXISTS `SECTOR_INDUSTRY_SP` $$
CREATE PROCEDURE `SECTOR_INDUSTRY_SP`(IN RINSERIES TEXT, IN COMMUNITYIDS TEXT)
READS SQL DATA
BEGIN
SET #s = CONCAT("SELECT *
from PROFESSIONAL_IDENTITY_MERGED p , std_company_detail s
where (p.pim_company_id = s.cid) AND p.pim_community_id IN (", COMMUNITYIDS, ")
AND p.pim_rin IN (",RINSERIES,")");
PREPARE stmt FROM #s;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;

Related

How can I send a table as a parameter to stored procedure in MySQL?

I have a stored procedure in MySQL like:
DELIMITER $$
CREATE PROCEDURE addIns(IN insCode VARCHAR(21), IN insName VARCHAR(21), IN stat BIT(1))
BEGIN
INSERT INTO institution(institution.institution_code, institution.institution_name, institution.is_active)
VALUES (insCode, insName, stat);
END$$
DELIMITER ;
But I want like this:
DELIMITER $$
CREATE PROCEDURE addIns(IN _institution)
BEGIN
INSERT INTO institution(institution.institution_code, institution.institution_name, institution.is_active)
VALUES (_institution.institution_code, _institution.institution_name, _institution.is_active);
END$$
DELIMITER ;
Because I want to use this stored procedure in Java Spring App.
How can I provide it?
My instutuion table is:

CREATE PROCEDURE addIns(IN _institution)
BEGIN
#sql := CONCAT( 'INSERT INTO institution (institution_code, institution_name, is_active) SELECT institution_code, institution_name, is_active FROM ' , _institution);
PREPARE stmt FROM #sql;
EXECUTE stmt;
DROP PREPARE stmt;
END

how to pass varchar string to stored procedure where in condition?

how to pass varchar string to stored procedure where in condition?
here, where in condition not work how to solve this problem?
CALL searchStudentByName("%AAP%","'1','2','3'");
MYSQL Stored Procedures:
DELIMITER $$
USE `studentsdb`$$
DROP PROCEDURE IF EXISTS `searchStudentByName`$$
CREATE DEFINER=`root`#`localhost` PROCEDURE `searchStudentByName`(IN `search_key` VARCHAR(40),IN `student_ids` VARCHAR(350))
BEGIN
SELECT students.StudentId,students.StudentName FROM students WHERE students.Status='A' AND students.StudentName LIKE search_key AND students.StudentId NOT IN(student_ids) LIMIT 5;
END$$
DELIMITER ;

You really need to prepare a statement to use a list of values like that. Try this:
CREATE DEFINER=`root`#`localhost` PROCEDURE `searchStudentByName`(IN `search_key` VARCHAR(40),IN `student_ids` VARCHAR(350))
BEGIN
SET #sql = CONCAT("SELECT students.StudentId,students.StudentName FROM students WHERE students.Status='A' AND students.StudentName LIKE '", search_key, "' AND students.StudentId NOT IN(", student_ids, ") LIMIT 5");
PREPARE stmt FROM #sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END$$

MYSQL : Undeclared variable

I have two stored procedure the first parameter with static and it works well
but when I but dynamic parameter it gives me an error Undeclared variable: limitvar
1/procedure
`DELIMITER $$
DROP PROCEDURE IF EXISTS `gestprospects`.`recClientsFiltre` $$
CREATE PROCEDURE `recClientsFiltre`(IN params text, in limitvar int , in offsetvar int )
BEGIN
SET #query := concat(concat("SELECT ... WHERE CONCAT(clients.id,'-') in (",params),") limit 10,10");
PREPARE stmt FROM #query ;
EXECUTE stmt ;
DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;`
2/procedure
DELIMITER $$
DROP PROCEDURE IF EXISTS `gestprospects`.`recClientsFiltre` $$
CREATE PROCEDURE `recClientsFiltre`(IN params text, in limitvar int , in offsetvar int )
BEGIN
SET #query := concat(concat("SELECT ... WHERE CONCAT(clients.id,'-') in (",params),") limit limitvar,offsetvar");
PREPARE stmt FROM #query ;
EXECUTE stmt ;
DEALLOCATE PREPARE stmt;
END $$
DELIMITER ;
Thank you for your reply

You are including the litteral strings limitvar and offsetvar in your dynamic query, whereas you want to include their value.
#query := CONCAT(
"SELECT ... WHERE CONCAT(clients.id,'-') IN (", params,")",
" LIMIT ", limitvar, ", ", offsetvar);
Notice how you can concatenate several strings in one call to CONCAT();

MySQL Stored Procedure using IN variable name not value

I have the following stored procedure defined:
DROP PROCEDURE IF EXISTS `Create_Domain_Table`;
DELIMITER ;;
PROCEDURE `Create_Domain_Table`(IN newTable VARCHAR(255))
BEGIN
CREATE TABLE newTable LIKE `domain_template`;
END;;
DELIMITER ;
However when I call the procedure e.g.
CALL Create_Domain_Table('test_domain_table');
it creates a new table with the a name of newtable and not test_domain_table.
Is there something wrong with my syntax or am I referencing the parameter incorrectly?
Thanks

Use Dynamic SQL on this,
DROP PROCEDURE IF EXISTS `Create_Domain_Table`;
DELIMITER ;;
CREATE PROCEDURE `Create_Domain_Table`(IN newTable VARCHAR(255))
BEGIN
SET #sql = CONCAT('CREATE TABLE `', newTable,'` LIKE domain_template');
PREPARE stmt FROM #sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END;;
DELIMITER ;

mysql query help (like statement)

I am using mysql which i have a stored procedure which has an input variable.
I want to use this variable in a select statement (with like clause).
Eg:
DELIMITER $$
DROP PROCEDURE IF EXISTS `DeleteDataByTransactionID` $$
CREATE DEFINER=`root`#`%` PROCEDURE `DeleteDataByTransactionID`(in **$TransactionID** varchar(50))
BEGIN
delete from sqlstatements where tempsql like '%'+ **$TransactionID** + '%';
END $$
DELIMITER ;
Thanks

DELIMITER $$
DROP PROCEDURE IF EXISTS `DeleteDataByTransactionID`
$$
CREATE DEFINER=`root`#`%` PROCEDURE `DeleteDataByTransactionID`(TransactionID VARCHAR(50))
BEGIN
DELETE
FROM sqlstatements
WHERE tempsql LIKE CONCAT('%', TransactionID, '%');
END
$$
DELIMITER ;

Actually, the accepted answer's version is open to SQL injection if the caller does not properly parameterize the call to the stored procedure. I would recommend utilizing a prepared statement in the stored procedure as follows to be safe instead of relying on the caller:
DELIMITER $$
CREATE PROCEDURE `DeleteDataByTransactionID`
(
TransactionID VARCHAR(50)
)
BEGIN
SET #sql =
"DELETE
FROM sqlstatements
WHERE
tempsql LIKE CONCAT('%', ?, '%')";
SET #transid = TransactionID;
PREPARE stmt FROM #sql;
EXECUTE stmt USING #transid;
DEALLOCATE PREPARE stmt;
END
$$