如何传值给存储过程中的In条件？(根据多个id查找对应的记录的处理)

来源：互联网发布：永中office 知乎编辑：程序博客网时间：2024/06/11 04:26

先看这个文章

http://www.itpub.net/viewthread.php?tid=1441454&pid=17785072&page=1&extra=page%3D1#pid17785072

再看以下处理：

这里主要展现存储函数的一种用法, 比如, 参数是一串用逗号分隔的id, "123,124,125,126", 取得对应的4条记录, 先写一个存储函数, 用来解析id字符串:

Sql代码

create or replace function str2varList( p_string in varchar2 ) return VarTableType
as
v_str long default p_string || ',';
v_n varchar2(2000);
v_data VarTableType := VarTableType();
begin
loop
v_n :=instr( v_str, ',' );
exit when (nvl(v_n,0) = 0);
v_data.extend;
v_data( v_data.count ) := ltrim(rtrim(substr(v_str,1,v_n-1)));
v_str := substr( v_str, v_n+1 );
end loop;
return v_data;
end;

create or replace function str2varList( p_string in varchar2 ) return VarTableType as v_str long default p_string || ','; v_n varchar2(2000); v_data VarTableType := VarTableType(); begin loop v_n :=instr( v_str, ',' );exit when (nvl(v_n,0) = 0);v_data.extend; v_data( v_data.count ) := ltrim(rtrim(substr(v_str,1,v_n-1)));v_str := substr( v_str, v_n+1 ); end loop; return v_data; end;

然后查询语句这样写:

Sql代码

SELECT id, name, birthday, address
FROM table(STR2VARLIST('123,124,125,126')) t, t_user e
WHERE e.id = t.column_value

SELECT id, name, birthday, address   FROM table(STR2VARLIST('123,124,125,126')) t, t_user e   WHERE e.id = t.column_value

也可以这样写:

Sql代码

SELECT id, name, birthday, address
FROM t_user e
WHERE id in (select * from the (select cast(str2varlist(#ids#) as vartabletype) from dual))

SELECT id, name, birthday, address   FROM t_user e   WHERE id in (select * from the (select cast(str2varlist(#ids#) as vartabletype) from dual))

我们在处理这种情况的时候一般都是将id拼成一段sql, 比如这样:id in(123, 124, 125), 这样虽然能解决问题, 但是不是很安全, 如果有SQL注入的话就会导致问题.

CREATE OR REPLACE TYPE NUMTABLETYPE AS TABLE OF NUMBER;/CREATE OR REPLACE TYPE VARTABLETYPE AS TABLE OF VARCHAR2(1000);/CREATE OR REPLACE FUNCTION STR2NUMLIST(P_STRING IN VARCHAR2) RETURN NUMTABLETYPE AS V_STR LONG DEFAULT P_STRING || ','; V_N NUMBER; V_DATA NUMTABLETYPE := NUMTABLETYPE();BEGIN LOOP V_N := TO_NUMBER(INSTR(V_STR, ',')); EXIT WHEN(NVL(V_N, 0) = 0); V_DATA.EXTEND; V_DATA(V_DATA.COUNT) := LTRIM(RTRIM(SUBSTR(V_STR, 1, V_N - 1))); V_STR := SUBSTR(V_STR, V_N + 1); END LOOP; RETURN V_DATA;END;/CREATE OR REPLACE FUNCTION STR2VARLIST(P_STRING IN VARCHAR2) RETURN VARTABLETYPE AS V_STR LONG DEFAULT P_STRING || ','; V_N VARCHAR2(2000); V_DATA VARTABLETYPE := VARTABLETYPE();BEGIN LOOP V_N := INSTR(V_STR, ','); EXIT WHEN(NVL(V_N, 0) = 0); V_DATA.EXTEND; V_DATA(V_DATA.COUNT) := LTRIM(RTRIM(SUBSTR(V_STR, 1, V_N - 1))); V_STR := SUBSTR(V_STR, V_N + 1); END LOOP; RETURN V_DATA;END;/SELECT E.USERID, E.USERNAME FROM TABLE(STR2VARLIST('1,124,125,126')) T, T_USER E WHERE E.USERID = T.COLUMN_VALUE;