MySQL Forums
Forum List  »  Stored Procedures

Re: Escape sproc Parameters
Posted by: John Noble
Date: November 28, 2020 11:32AM

Hi Peter,

When I use the Quote() function it adds single quotes to the beginning and end of the string which is not what I want.

Here is my problem:

Works fine.
call usp_TestUpdate("MS1_", "boats", 14, "Johns Boat")

Does NOT Work (Note the ' in John's Boat)
call usp_TestUpdate("MS1_", "boats", 14, "John's Boat")


CREATE PROCEDURE `usp_TestUpdate`(
IN p_companyID varchar(4)
IN p_pKey int(10),
IN p_name varchar(20)

)
BEGIN


DECLARE vUPDATE varchar(1000) default "";
DECLARE vTableName varchar(9) default "";


SET @vTableName = CONCAT(p_companyID, "boats");


START TRANSACTION;

SET @vUPDATE = CONCAT("UPDATE ", @vTableName," SET name = '", p_name, "'", " WHERE pKey = ", p_pKey);

EXECUTE stmt;
COMMIT;


END

Options: ReplyQuote


Subject
Views
Written By
Posted
973
November 23, 2020 03:46AM
382
November 23, 2020 10:46AM
Re: Escape sproc Parameters
413
November 28, 2020 11:32AM
336
November 28, 2020 01:05PM
384
December 01, 2020 07:44AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.