Menu
I am trying to create a simple procedure with parameters.
CALL new_procedure('mode', 'ASC');
The first input is the column the second is the sort direction
DELIMITER $$
CREATE DEFINER=`root`@`localhost` PROCEDURE `new_procedure`(IN in_order_by_column varchar(20), in_order_by_direction char(4))
BEGIN
DECLARE order_by varchar(30);
SET @order_by = CONCAT('`', in_order_by_column, '` ', in_order_by_direction);
/*
SELECT * FROM `common_tags` ORDER BY @order_by LIMIT 5;
*/
SELECT @order_by as 'c';
END
In the above example I have it only outputting the 2 parameters so I can see what's happening.
Result:
"c"
`mode` ASC
.
When I run the procedure with it's intended code, below.
DELIMITER $$
CREATE DEFINER=`root`@`localhost` PROCEDURE `new_procedure`(IN in_order_by_column varchar(20), in_order_by_direction char(4))
BEGIN
DECLARE order_by varchar(30);
SET @order_by = CONCAT('`', in_order_by_column, '` ', in_order_by_direction);
SELECT * FROM `common_tags` ORDER BY @order_by LIMIT 5;
END
Results
tags_id data mode parent_id position
1 Wood 2 13 6
2 Trippy 0 0 0
4 Artists 1 0 1
6 "Newest Additions" 1 0 11
12 "Natural Elements" 2 5 8
As you can see the results are not sorted by mode.
Any help is appreciated.
570
This procedure accepts id of the customer as IN parameter and returns product name (String), customer name (String) and, price (int) values as OUT parameters from the sales table. To call the procedure with parameters pass @parameter_name as parameters, in these parameters the output values are stored.
As a program, a stored procedure can take parameters. There are three types of parameters: IN, OUT and INOUT.
Parameters are used to exchange data between stored procedures and functions and the application or tool that called the stored procedure or function: Input parameters allow the caller to pass a data value to the stored procedure or function.
The procedure body has three parts: an optional declarative part, an executable part, and an optional exception-handling part. The declarative part contains declarations of types, cursors, constants, variables, exceptions, and subprograms.
Unfortunately, you need to PREPARE entire query in this case:
DELIMITER $$
DROP PROCEDURE IF EXISTS `new_procedure`$$
CREATE PROCEDURE `new_procedure`(IN in_order_by_column varchar(20), in_order_by_direction char(4))
BEGIN
SET @buffer = CONCAT_WS('',
'SELECT * FROM `common_tags` ORDER BY `', in_order_by_column, '` ', in_order_by_direction, ' LIMIT 5'
);
PREPARE stmt FROM @buffer;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END$$
DELIMITER ;
NOTE: Described approach should be used very careful, because it is vulnurable to SQL Injection attacks, if used incorrectly.
133
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
