Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

mysql dynamic query in stored procedure

Tags:

sql

mysql

stored-procedures

i am creating a dynamic query in stored procedure. my stored procedure is as follows:

CREATE PROCEDURE `test1`(IN tab_name VARCHAR(40),IN w_team VARCHAR(40))
BEGIN
SET @t1 =CONCAT("SELECT * FROM ",tab_name," where team=",w_team);
 PREPARE stmt3 FROM @t1;
 EXECUTE stmt3;
 DEALLOCATE PREPARE stmt3;
END

when i try to run it with the following call:

call test1 ('Test','SPA');

i get the following error message:

Error Code: 1054. Unknown column 'SPA' in 'where clause'

i tested without where condition and it works fine, but with the where condition its not working, i tried using @ with the variable name but it still does not work.

Thanks for your help.

like image 499
Shann Avatar asked Apr 20 '14 05:04

Shann

2 Answers

Error Code: 1054. Unknown column 'SPA' in 'where clause'

This happens when you do not enclose input string within quotes, and SQL engine tries to identify it as a column in the table being queried. But it fails as it can't find it.

But what happens when it finds such column?
It fetches results when it finds some matches on the column values.
Obviously this is not what one was expecting.

How to overcome this? Use Prepared Statements with dynamic input values.

You can use placeholders like ? in stored procedures too on dynamic input values to use with Prepared Statements. The engine will handle escape characters and other string values when assigned to or compared within SQL expressions.

You just need to re-assign procedure inputs to one or more session variables, as required.

Example on your procedure: 

CREATE PROCEDURE `test1`( IN tab_name VARCHAR(40), IN w_team VARCHAR(40) )
BEGIN
  SET @t1 = CONCAT( 'SELECT * FROM ', tab_name, ' where team = ?' ); -- <-- placeholder
  SET @w_team := w_team;

  PREPARE stmt3 FROM @t1;
  EXECUTE stmt3 USING @w_team; -- <-- input for placeholder
  DEALLOCATE PREPARE stmt3;
END;
like image 150
Ravinder Reddy Avatar answered Oct 22 '22 06:10

Ravinder Reddy

You missed to enclose the parameter w_team in WHERE clause.

Try like this:

SET @t1 =CONCAT("SELECT * FROM ",tab_name," where team='",w_team,"'");

Explanation:

Query from your code would be like:

SELECT * FROM Test where team=SPA

It will try find a column SPA which is not available, hence the error.

And we changed it to:

SELECT * FROM Test where team='SPA'
like image 9
Raging Bull Avatar answered Oct 22 '22 06:10

Raging Bull
Sign in to Comment

Related questions

Spring-Boot, Can't save unicode string in MySql using spring-data JPA
Laravel dynamic dropdown country and state
MySql stops unexpectedly
mysql could not connect the SSH tunnel -> access denied for 'none'
Laravel Sail rebuild default database
MySql driver not installed error for Zend application
how to import mysql tables to SOLR
Should I run VACUUM in transaction or after?
MySQL concatenating fields but ignoring empty ones
Tool for convert SQL code to diagram
query sql convert text field dd/mm/yyyy to date field yyyy-mm-dd
Count() and left join problem
InnoDB performance tweaks
Empty string inserting a zero, not a null
MySQL ORDER BY COUNT()?
Adjusting for the default time-zone setting on RDS
MySQL Python LIKE wildcard
Python MySQL: Not showing inserted records [duplicate]
Dapper LIKE query for MySql safe against Sql Injection?
how to get product id and sku in magento with SQL

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!