MySQL Forums
Forum List  »  Stored Procedures

Escape sproc Parameters
Posted by: John Noble
Date: November 23, 2020 03:46AM

Hi folks,

I have a problem when a parameter has an apostrophe in it. Im not sure if I should handle it in the sproc or handle it before it gets sent to the sproc.
If any of the varchar parameters has an ' it just crashes.

Any ideas ??

CREATE DEFINER=`root`@`%` PROCEDURE `usp_BoatsUpdate`(
IN p_pKey int(10),
IN p_bCode varchar(6),
IN p_name varchar(20),
IN p_engine varchar(29),
IN p_HP int(10),
IN p_length decimal(10,2),
IN p_companyID varchar(4)
)
BEGIN



DECLARE vUPDATE varchar(1000) default "";
DECLARE vTableName varchar(4) default "";

SET @vTableName = CONCAT(p_companyID, "boats");



START TRANSACTION;

SET @vUPDATE = CONCAT("UPDATE ", @vTableName, " SET bCode = '", p_bCode, "'",
", name = '", p_name, "'",
", engine = '", p_engine, "'",
", HP = '", p_HP, "'",
", length = '", p_length, "'"
" WHERE pKey = '", p_pKey, "'");



PREPARE stmt FROM @vUPDATE;
EXECUTE stmt;
COMMIT;


END

Options: ReplyQuote


Subject
Views
Written By
Posted
Escape sproc Parameters
973
November 23, 2020 03:46AM
382
November 23, 2020 10:46AM
414
November 28, 2020 11:32AM
336
November 28, 2020 01:05PM
384
December 01, 2020 07:44AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.