I have the following stored procedure:
DELIMITER $$
USE `database_name`$$
-- Dynamic SQL (PREPARE/EXECUTE) is not permitted in a stored function,
-- and the routine is invoked with CALL, so it is created as a procedure.
DROP PROCEDURE IF EXISTS `get_data`$$
CREATE DEFINER=`database_name`@`%` PROCEDURE `get_data`(
    v_search_text TEXT
)
BEGIN
    DECLARE v_select TEXT DEFAULT 'SELECT ';
    DECLARE v_from TEXT DEFAULT ' FROM ';
    DECLARE v_order, v_group TEXT DEFAULT '';
    DECLARE v_where TEXT DEFAULT ' WHERE 1 = 1 ';
    DECLARE v_return_string TEXT DEFAULT '';
    -- Build the column list and the FROM clause separately so that
    -- FROM appears only once in the final statement.
    SET v_select = CONCAT(v_select, "id, title, detail");
    SET v_from = CONCAT(v_from, "`table`");
    IF (IFNULL(v_search_text, '') != '') THEN
        -- QUOTE() escapes the value and wraps it in single quotes.
        SET v_search_text = QUOTE(v_search_text);
        SET v_where = CONCAT(v_where," AND (title like '%",v_search_text,"%' or detail like '%",v_search_text,"%' )");
    END IF;
    -- other stuff like order, pagination etc.
    SET v_return_string = CONCAT(
        v_select,
        v_from,
        v_where
    );
    -- PREPARE accepts only a string literal or a user variable.
    SET @count_query = v_return_string;
    PREPARE stmt FROM @count_query;
    EXECUTE stmt;
    DEALLOCATE PREPARE stmt;
END$$
DELIMITER ;
Now the problem is: let's suppose I have data in the table as below

id | title | detail
1  | A'a   | detail
2  | B"b   | detail"b

Now, if I call the above SP and pass the search parameter as '
then it will break:
call get_data('\''); -- means search the data which has single quote in it
To solve this, I can change one line as shown below
SET v_where = CONCAT(v_where," AND (title like '%",v_search_text,"%' or detail like '%",v_search_text,"%' )");
to
SET v_where = CONCAT(v_where,' AND (title like "%',v_search_text,'%" or detail like "%',v_search_text,'%" )');
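Then it will work for single quotes, but it will break for double quotes. So is there a way to handle both cases?
Best answer
I changed the following line: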
SET v_where = CONCAT(v_where," AND (title like '%",v_search_text,"%' or detail like '%",v_search_text,"%' )");
to the following:
SET v_search_text = QUOTE(CONCAT('%',v_search_text,'%'));
SET v_where = CONCAT(v_where," AND (title like ",v_search_text," or detail like ",v_search_text," )");
The problem was solved.
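As an added example (not part of the original question or answer), the same search can bind the pattern through a `?` placeholder with `EXECUTE ... USING`, so the search text is never concatenated into the SQL string and neither quote character needs special handling. It goes one step beyond the thread by also escaping the LIKE wildcards; the procedure name `get_data_param`, the user variables `@pattern` and `@sql_text`, and the `|` escape character are assumptions, while the table and columns are the ones from the question.

```sql
DELIMITER $$
DROP PROCEDURE IF EXISTS `get_data_param`$$   -- hypothetical name
CREATE PROCEDURE `get_data_param`(
    v_search_text TEXT
)
BEGIN
    DECLARE v_sql TEXT DEFAULT 'SELECT id, title, detail FROM `table` WHERE 1 = 1';

    IF IFNULL(v_search_text, '') != '' THEN
        -- Escape LIKE metacharacters so the text is matched literally.
        -- '|' is the escape character named in the ESCAPE clause below;
        -- it is escaped first so later replacements are not doubled.
        SET @pattern = CONCAT(
            '%',
            REPLACE(REPLACE(REPLACE(v_search_text, '|', '||'), '%', '|%'), '_', '|_'),
            '%'
        );

        -- Only fixed SQL text is concatenated; the value is bound via "?".
        SET @sql_text = CONCAT(
            v_sql,
            ' AND (title LIKE ? ESCAPE ''|'' OR detail LIKE ? ESCAPE ''|'')'
        );
        PREPARE stmt FROM @sql_text;
        EXECUTE stmt USING @pattern, @pattern;
    ELSE
        -- No search text: run the base query without a LIKE filter.
        SET @sql_text = v_sql;
        PREPARE stmt FROM @sql_text;
        EXECUTE stmt;
    END IF;

    DEALLOCATE PREPARE stmt;
END$$
DELIMITER ;

CALL get_data_param('\'');  -- rows whose title or detail contains a single quote
CALL get_data_param('"');   -- rows whose title or detail contains a double quote
```

Any ORDER BY or pagination text appended to the statement should likewise come from fixed strings or validated values, with user-supplied values bound as parameters.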
Regarding mysql - handling single and double quotes in a MySQL SP, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/52593168/