mariadb不执行insert-in过程

vs91vp4v  于 2021-06-18  发布在  Mysql
关注(0)|答案(1)|浏览(349)

我正在使用mysql—实际上是phpmyadmin中的mariadb—并尝试在存储过程中编写一个insert,但出于明显的(安全)原因,这是不允许的。
我试图使用grant execute on procedure语句更改权限。

GRANT EXECUTE ON PROCEDURE test.putDataInFull TO 'root'@'localhost'

我真的遇到麻烦了,有什么主意吗?
编辑:

DELIMITER //
CREATE PROCEDURE putDataInFull (IN matchid INT(11))
BEGIN
  DECLARE koula int(11);
  DECLARE c     varchar(255);
  SET @koula = matchid;
  SET @c := concat('insert into log (match_id, comment) values (?,\'inPUtDataWeTrtust\');');

  DECLARE EXIT HANDLER FOR SQLEXCEPTION
       BEGIN
         SELECT CONCAT(@c, ' is not valid');
       END;
  PREPARE stmt FROM @c;
  EXECUTE stmt USING @koula;
  DEALLOCATE PREPARE stmt;
END //
DELIMITER ;

p、 这不是一个生产项目,只是好玩,所以我真的不在乎安全。

nukf8bse

nukf8bse1#

可以使用变量创建insert。不需要创建魔术字符串。下面是另一个stackoverflow问题的例子:

DELIMITER $$

CREATE  PROCEDURE ADD_WITHDRAWAL_A(IN withdrawalcode_p VARCHAR(25), IN id_p VARCHAR(8), IN amount_p VARCHAR(12), IN datewithdrawn_p VARCHAR(35), IN approved_p VARCHAR(8))
BEGIN

     START TRANSACTION;

     INSERT INTO Withdrawals(WithdrawalCode, IDD, Amount, DateWithdrawn, Approved) 
     VALUES (withdrawalcode_p, id_p, amount_p, datewithdrawn_p, approved_p);

     UPDATE account SET AccountBalance = AccountBalance - amount_p WHERE IDD = id_p LIMIT 1;

     COMMIT;

END $$

DELIMITER ;

相关问题