My question is pretty basic but I am complete newbie to stored procedure and need to get around quickly. Any help will be appreciated,
Below is the current stored procedure we have,
PROCEDURE get_something(
type IN VARCHAR2,
value IN VARCHAR2,
i_type OUT VARCHAR2,
i_id OUT VARCHAR2)
AS
TYPE t_array
IS
TABLE OF VARCHAR2(320);
identifers t_array;
column_name VARCHAR2(32);
info_qry VARCHAR2(500);
top_row_qry VARCHAR2(500);
BEGIN
identifers := t_array('ABC');
column_name := get_column_name(type);
info_qry := 'select INS.i_id, INS.model from table1 INS where INS.'||column_name||'='''||value||''' order by INS.version desc';
top_row_qry := 'select * from ('||info_qry||') where rownum<=1';
EXECUTE immediate top_row_qry INTO i_id, i_type;
EXCEPTION
WHEN OTHERS THEN
i_id := NULL;
i_type := NULL;
END get_something;
Now when I execute this procedure, it gives me one record due to the rownum condition.
My requirement is to remove the rownum from the top_row_qry, so result would be multiple rows.
I want to store each field into some variable out of which I will use one of the variable for some comparison in the procedure itself.
So basically i want to store the results which I can later loop over and compare with a list of values.
Also, I need to define the list of values in this procedure itself.
Something like below:
list_of_vals:= t_array('ABC','XYZ');
Can anyone help me on this.
I guess you need to use cursor as OUT parameter for your procedure and later use it for your requirement.
Also for "I need to define the list of values in this procedure itself."
you can use a collection the way I have used in the procedure code (v_array).
You can then use a loop to traverse through multiple values for the v_array.
CREATE ORE REPLACE PROCEDURE get_something(type IN VARCHAR2,
value IN VARCHAR2,
out_param OUT sys_refcursor)
AS
TYPE t_array IS TABLE OF VARCHAR2(320);
v_array t_array:=t_array();
-- identifers t_array;
column_name VARCHAR2(32);
info_qry VARCHAR2(500);
top_row_qry VARCHAR2(500);
BEGIN
--To define multiple values for a collection e.g. ABC, XYZ
v_array.EXTEND(2) ;
v_array(1):='ABC' ;
v_array(2):='XYZ' ;
--identifers := t_array('ABC') ;
column_name := get_column_name(TYPE) ;
info_qry := 'select INS.i_id, INS.model from table1 INS where INS.'||column_name||'='''||VALUE||''' order by INS.version desc';
top_row_qry := 'select * from ('||info_qry||')' ;
OPEN out_param FOR top_row_qry ;
EXCEPTION
WHEN OTHERS THEN
OPEN out_param FOR 'select null, null from dual' ;
END get_something ;
/
--To execute the procedure
DECLARE
lv_type VARCHAR2(200);
lv_id NUMBER;
lv_cur SYS_REFCURSOR;
BEGIN
get_something('param1','param2',lv_cur);
LOOP
FETCH lv_cur INTO lv_id,lv_type;
EXIT WHEN lv_cur%NOTFOUND;
--Do something.....
END LOOP;
END;
Related
I need to make a PL/SQL script.
The inputs are a schema name and a table name. How can I make it to a table name?
So e.g. I'd like to do this:
create or replace procedure proc(schema in varchar2, table in varchar2) is
begin
select * from 'schema.table';
end;
begin
proc('db', 'items');
end;
So I'd like to get everything from db.items.
I've tried concat, ( 'schema' || '.' || 'table'), put it in a variable, but non of these has worked.
What you need is dynamic sql. Example that will return and print the count of rows (you can change it accordingly to your needs):
SQL> set serveroutput on -- to be able to see the printed results.
SQL> create or replace procedure proc(p_schema in varchar2, p_table in varchar2) is
v_sql varchar2(100);
v_result number;
begin
v_sql := 'select count(*) from :1' || '.' || ':2';
EXECUTE IMMEDIATE v_sql into v_result USING p_schema, p_table;
DBMS_OUTPUT.PUT_LINE ('Total rows in table: '|| v_result );
end;
I want to write a simple pl/sql procedure which will take a table name as input and it will store the table row count into a variable . I have written the bellow code :
CREATE OR REPLACE procedure ATT_REP.proc_compare2(table_name IN varchar2)
is
cnt NUMBER(30);
begin
execute immediate 'select count(*) from '||table_name||' into '||cnt ;
dbms_output.put_line(cnt);
end;
/
while executing i am getting 'PLS-00357: Table,View Or Sequence reference 'CES_ODS.ENTITY' not allowed in this context' error.
Please suggest what am i doing wrong . How can i make it working .
Try the following:
CREATE OR REPLACE PROCEDURE ATT_REP.proc_compare2 (table_name IN VARCHAR2)
IS
cnt NUMBER (30);
sql_stmt VARCHAR2 (200);
BEGIN
sql_stmt := 'select count(*) from ' || table_name;
EXECUTE IMMEDIATE sql_stmt INTO cnt;
DBMS_OUTPUT.put_line (cnt);
END;
/
I am trying to pass dbms_sql.number_table from one procedure to another and then using it inside a dynamic plsql block. But the below code throws error as:
Error(6,17): PLS-00306: wrong number or types of arguments in call to '||'
create or replace
procedure proc1( v_in_table_name varchar2,
v_in_column_name varchar2,
v_in dbms_sql.number_table)
as
plsql_block varchar2(4000);
begin
plsql_block:='declare
begin
FORALL INDX IN 1 ..'||v_in.count||' SAVE EXCEPTIONS
UPDATE '||v_in_table_name||'
Set '||v_in_column_name||'=123 WHERE col2='||v_in||'(INDX)||;
end';
execute immediate plsql_block;
end proc1;
You should make two changes:
First(and its case of error) its when you concatinate string with collection.
If you want to send collection into pl/sql block you shoud use the param.
And second you should add ; in the end of dynamic pl\sql:
create or replace
procedure proc1(v_in dbms_sql.number_table)
as
plsql_block varchar2(4000);
begin
plsql_block:='declare
l_collect dbms_sql.number_table := :number_table ;
begin
FORALL INDX IN 1 ..'||v_in.count||' SAVE EXCEPTIONS
UPDATE table_name
Set col1=123 WHERE col2=l_collect(INDX);
end;';
execute immediate plsql_block using v_in;
end proc1;
But after all changes I would like to ask: Are you realy need to use dynamic pl\sql?
There is no need for using a dynamic block. Also i dont think it can work as well. You can use this way;
create or replace
procedure proc1(v_in dbms_sql.number_table)
as
plsql_block varchar2(4000);
l_collect dbms_sql.number_table;
begin
l_collect := v_in;
FORALL INDX IN 1 ..l_collect.count SAVE EXCEPTIONS
UPDATE table_name
Set col1=123
WHERE col2=l_collect(INDX);
commit;
end proc1;
Execution:
SQL> DECLARE
var DBMS_SQL.number_table;
BEGIN
var (1) := 1;
var (2) := 2;
var (3) := 3;
proc1 (var);
END;
/
PL/SQL procedure successfully completed.
EDIT: As per your edit the code becomes like:
create or replace procedure proc1 (v_in_table_name varchar2,
v_in_column_name varchar2,
v_in dbms_sql.number_table)
as
plsql_block varchar2 (4000);
begin
plsql_block := q'[ FORALL INDX IN 1 ..v_in.count SAVE EXCEPTIONS
UPDATE :table_name
Set :col1=123
WHERE col2=v_in(INDX)]';
execute immediate plsql_block using v_in_table_name, v_in_column_name;
commit;
end proc1;
I have a simple stored proc...
create or replace
PROCEDURE GET_PERSON (aName VARCHAR2, p_data OUT sys_refcursor)
IS
BEGIN
OPEN p_data FOR SELECT * FROM people_table WHERE firstname = aName;
END;
However when I execute the stored proc it returns all of the records.
DECLARE
v_cur SYS_REFCURSOR;
v_1 number;
v_2 VARCHAR2(50);
v_3 VARCHAR2(200);
v_4 VARCHAR2(50);
v_5 VARCHAR2(50);
v_6 VARCHAR2(50);
BEGIN
GET_PERSON ('aaa#bbb.com', v_cur);
LOOP
FETCH v_cur INTO v_1, v_2, v_3, v_4, v_5, v_6;
EXIT WHEN v_cur%NOTFOUND;
dbms_output.put_line(v_2 || ' ' || v_3);
END LOOP;
CLOSE v_cur;
END;
If I run the simple statement
SELECT * FROM people_table WHERE firstname = 'aaa#bbb.com';
It correctly returns one record.
Why is the stored proc not behaving the same?
I found the issue..
My issue was name collision. When I altered the code above is when I noticed the issue. I originally has WHERE fistname = firstName. Once I changed the parameter to p_firstName as was well.
I'm trying to write a PL/SQL function to store a select statement with a variable table name (a bit weird i know but it is actually a good design decision). The following code does not work...but I'm not sure how to both take a variable table name (building the query) and return a dataset. Anyone have any experience in this? TIA.
CREATE OR REPLACE FUNCTION fn_netstat_all (casename in varchar2)
RETURN resultset_subtype
IS
dataset resultset_subtype;
v_sql varchar2(25000);
v_tablename varchar2(50);
begin
v_sql := 'SELECT * FROM ' || casename || '_netstat;';
OPEN dataset FOR
execute immediate v_sql;
return dataset;
end;
If your resultset_subtype is a ref_cursor (or just replace resultset_subtype with a ref_cursor) you could:
CREATE OR REPLACE
FUNCTION fn_netstat_all (
casename IN VARCHAR2
)
RETURN resultset_subtype
IS
dataset resultset_subtype;
BEGIN
OPEN dataset
FOR 'SELECT * FROM ' || casename || '_netstat';
RETURN dataset;
END fn_netstat_all;
FWIW, you might want to look into the DBMS_ASSERT package to wrap the casename variable to help protect against SQL Injection attacks in your dynamic SQL.
Hope it helps...
Below it is assumed all tables are similar. It's also possible to select a subset of colums that are similar in every table without using DBMS_SQL. I have also paid some attention to SQL injection mentioned by Ollie.
create table so9at (
id number(1),
data varchar2(5)
);
insert into so9at values (1, 'A-AAA');
insert into so9at values (2, 'A-BBB');
insert into so9at values (3, 'A-CCC');
create table so9bt (
id number(1),
data varchar2(5)
);
insert into so9bt values (5, 'B-AAA');
insert into so9bt values (6, 'B-BBB');
insert into so9bt values (7, 'B-CCC');
create table secret_identities (
cover_name varchar2(20),
real_name varchar2(20)
);
insert into secret_identities values ('Batman', 'Bruce Wayne');
insert into secret_identities values ('Superman', 'Clark Kent');
/* This is a semi-secure version immune to certain kind of SQL injections. Note
that it can be still used to find information about any table that ends with
't'. */
create or replace function cursor_of (p_table_id in varchar2)
return sys_refcursor as
v_cur sys_refcursor;
v_stmt constant varchar2(32767) := 'select * from ' || dbms_assert.qualified_sql_name(p_table_id || 't');
begin
open v_cur for v_stmt;
return v_cur;
end;
/
show errors
/* This is an unsecure version vulnerable to SQL injection. */
create or replace function vulnerable_cursor_of (p_table_id in varchar2)
return sys_refcursor as
v_cur sys_refcursor;
v_stmt constant varchar2(32767) := 'select * from ' || p_table_id || 't';
begin
open v_cur for v_stmt;
return v_cur;
end;
/
show errors
create or replace procedure print_values_of (p_cur in sys_refcursor) as
type rec_t is record (
id number,
data varchar2(32767)
);
v_rec rec_t;
begin
fetch p_cur into v_rec;
while p_cur%found loop
dbms_output.put_line('id = ' || v_rec.id || ' data = ' || v_rec.data);
fetch p_cur into v_rec;
end loop;
end;
/
show errors
declare
v_cur sys_refcursor;
begin
v_cur := cursor_of('so9a');
print_values_of(v_cur);
close v_cur;
v_cur := cursor_of('so9b');
print_values_of(v_cur);
close v_cur;
/* SQL injection vulnerability */
v_cur := vulnerable_cursor_of('secret_identities --');
dbms_output.put_line('Now we have a cursor that reveals all secret identities. Just see DBMS_SQL.DESCRIBE_COLUMNS ...');
close v_cur;
/* SQL injection made (mostly) harmless - will throw ORA-44004: invalid qualified SQL name */
v_cur := cursor_of('secret_identities --');
close v_cur;
end;
/