I have the following function that calculates content of the table but when I pass any param it throws:
EXEC DBMS_OUTPUT.PUT_LINE(get_size('employees'))
Error report -
ORA-00903: invalid table name
ORA-06512: at "HR.GET_SIZE", line 5
ORA-06512: at line 1
00903. 00000 - "invalid table name"
Function
CREATE OR REPLACE FUNCTION get_size(v_table_name IN VARCHAR2)
RETURN NUMBER IS total_size NUMBER(16);
plsql_statement VARCHAR2(500) := 'SELECT COUNT(*) FROM :param';
BEGIN
EXECUTE IMMEDIATE plsql_statement INTO total_size USING v_table_name;
RETURN(total_size);
END;
/
EXEC DBMS_OUTPUT.PUT_LINE(get_size('employees'));
You can't bind table names, it needs to be constructed.
CREATE OR REPLACE FUNCTION get_size(v_table_name IN VARCHAR2)
RETURN NUMBER IS total_size NUMBER(16);
plsql_statement VARCHAR2(500)
BEGIN
plsql_statement := 'SELECT COUNT(*) FROM ' || v_table_name;
EXECUTE IMMEDIATE plsql_statement INTO total_size;
RETURN(total_size);
END;
/
EXEC DBMS_OUTPUT.PUT_LINE(get_size('employees'));
You cannot bind table names or column names. You can bind only variables.
In your case, you just need to EXECUTE IMMEDIATE the dynamic SQL.
SQL> CREATE OR REPLACE FUNCTION get_size(v_table_name IN VARCHAR2)
2 RETURN NUMBER IS total_size NUMBER(16);
3 plsql_statement VARCHAR2(500);
4 BEGIN
5 plsql_statement := 'SELECT COUNT(*) FROM ' || v_table_name;
6 EXECUTE IMMEDIATE plsql_statement INTO total_size;
7 RETURN(total_size);
8 END;
9 /
Function created.
SQL>
SQL>
SQL> EXEC DBMS_OUTPUT.PUT_LINE(get_size('EMP'));
14
PL/SQL procedure successfully completed.
SQL>
Related
Below sql command is not working in procedure
PROCEDURE P_EMPDETAIL
AS
V_WHERE := 'E.EMP_ID = 123'B
BEGIN
EXECUTE IMMEDIATE 'INSERT INTO EMPLOYEE E ' || V_WHERE || ;
END;
It seems to me there are various issues with your syntax and approach (you shouldn't be using dynamic SQL this way), perhaps you should learn PL/SQL and reference the manuals. The insert statement is also wrong. Below is the correct syntax.
CREATE OR REPLACE PROCEDURE P_EMPDETAIL as
V_WHERE varchar2(100);
BEGIN
V_WHERE := 'E.EMP_ID = 123';
EXECUTE IMMEDIATE 'INSERT INTO EMPLOYEE E (colname) values (1) ' || V_WHERE;
END;
Well, not exactly like that (obviously; otherwise, you wouldn't be asking for help).
It is unclear what you want to do because syntax is really strange. If you wanted to insert a row into the table, then:
SQL> CREATE TABLE employees
2 (
3 emp_id NUMBER
4 );
Table created.
SQL> CREATE OR REPLACE PROCEDURE p_empdetail (par_emp_id IN NUMBER)
2 AS
3 l_str VARCHAR2 (200);
4 BEGIN
5 l_str := 'insert into employees (emp_id) values (:1)';
6
7 EXECUTE IMMEDIATE l_str
8 USING par_emp_id;
9 END;
10 /
Procedure created.
Testing:
SQL> EXEC p_empdetail(123);
PL/SQL procedure successfully completed.
SQL> SELECT * FROM employees;
EMP_ID
----------
123
SQL>
The following procedure compilation error occurred:
Procedure A receives the result from table B, inputs it to the GLOBAL TEMPORARY TABLE, and retrieves the final result after the operation.
Procedure B is a function that manipulates and retrieves the source data.
When I run the A procedure, I get the following compilation error:
/* GLOBAL TEMPORARY TABLE */
CREATE GLOBAL TEMPORARY TABLE TT_TB_TMP
(
TABLE_NAME VARCHAR2(200)
,COLUMN_NAME VARCHAR2(200)
)
ON COMMIT DELETE ROWS
NOPARALLEL;
/* PROCEDURE B(SP_TEST_H2)*/
create or replace PROCEDURE SP_TEST_H2
(
p_TBL_NAME IN VARCHAR
)
AS
v_cursor SYS_REFCURSOR;
BEGIN
OPEN v_cursor FOR
SELECT TABLE_NAME, COLUMN_NAME
FROM ALL_TAB_COLUMNS
WHERE TABLE_NAME = 'ALL_XML_SCHEMAS'; -- p_TBL_NAME
DBMS_SQL.RETURN_RESULT(v_cursor);
END SP_TEST_H2;
/* PROCEDURE A(SP_TEST_H1)*/
create or replace PROCEDURE SP_TEST_H1
(
p_TBL_NAME IN VARCHAR
)
AS
v_cursor SYS_REFCURSOR;
BEGIN
DECLARE
cv_ins SYS_REFCURSOR;
v_temp TT_TB_TMP%ROWTYPE;
BEGIN
cv_ins := SP_TEST_H2('XXX');
LOOP
FETCH cv_ins INTO v_temp;
EXIT WHEN cv_ins%NOTFOUND;
INSERT INTO TT_TB_TMP VALUES v_temp;
END LOOP;
CLOSE cv_ins;
/*
OPEN v_cursor FOR
SELECT * FROM TT_TB_TMP;
DBMS_SQL.RETURN_RESULT(v_cursor);
*/
END;
END SP_TEST_H1
PLS-00222: Function with name 'SP_TEST_H2' does not exist in scope
What did I do wrong?
If you're returning something, then use a function - they are designed for such a purpose.
That's what Oracle told you:
Function with name 'SP_TEST_H2' does not exist in scope
which is related to this line in your code:
cv_ins := SP_TEST_H2('XXX');
Function:
SQL> CREATE OR REPLACE FUNCTION sf_test_h2 (p_tbl_name IN VARCHAR)
2 RETURN SYS_REFCURSOR
3 AS
4 v_cursor SYS_REFCURSOR;
5 BEGIN
6 OPEN v_cursor FOR SELECT table_name, column_name
7 FROM all_tab_columns
8 WHERE table_name = p_tbl_name;
9
10 RETURN v_cursor;
11 END sf_test_h2;
12 /
Function created.
Procedure:
SQL> CREATE OR REPLACE PROCEDURE sp_test_h1 (p_tbl_name IN VARCHAR)
2 AS
3 cv_ins SYS_REFCURSOR;
4 v_temp tt_tb_tmp%ROWTYPE;
5 BEGIN
6 cv_ins := sf_test_h2 (p_tbl_name);
7
8 LOOP
9 FETCH cv_ins INTO v_temp;
10
11 EXIT WHEN cv_ins%NOTFOUND;
12
13 INSERT INTO tt_tb_tmp (table_name, column_name)
14 VALUES (v_temp.table_name, v_temp.column_name);
15 END LOOP;
16
17 CLOSE cv_ins;
18 END sp_test_h1;
19 /
Procedure created.
Testing:
SQL> EXEC sp_test_h1('DEPT');
PL/SQL procedure successfully completed.
SQL> SELECT * FROM tt_tb_tmp;
TABLE_NAME COLUMN_NAME
-------------------- --------------------
DEPT LOC
DEPT DNAME
DEPT DEPTNO
SQL>
I have a set of stored procedures with the same interface and one of these stored procedures will be passed to a runner stored procedure as an input parameter. How can I execute this stored procedure within the runner proc.
I tried this by using dynamic SQL. The code snippet I wrote for this:
v_proc_query := ':1(:2, :3)';
execute immediate v_proc_query using p_proc_name, p_param1, p_param2;
But the above statement give error: ORA-00900: invalid SQL statement
I'm using Oracle 12c.
What is the right approach to achieve the goal?
Something like this, perhaps?
SQL> set serveroutput on
SQL> create or replace procedure p_test (par_deptno in number)
2 is
3 l_cnt number;
4 begin
5 select count(*)
6 into l_cnt
7 from emp
8 where deptno = par_deptno;
9 dbms_output.put_line('count = ' || l_cnt);
10 end;
11 /
Procedure created.
SQL> create or replace procedure p_test_2 (par_proc_name in varchar2, par_deptno in number)
2 is
3 l_str varchar2(200);
4 begin
5 l_str := 'begin ' ||
6 dbms_assert.sql_object_name(par_proc_name) ||
7 '(' || par_deptno || ');' ||
8 'end;';
9 execute immediate l_str;
10 end;
11 /
Procedure created.
SQL> exec p_test_2('p_test', 10);
count = 3
PL/SQL procedure successfully completed.
SQL>
I am trying to make dynamic sql like this 'select col1,col2 from '|| my_table ||' it works fine but I want to write like this sql_stmt:='select col1,col2 from :myTable'; execute immediate sql_stmt using my_table; but I have error I have same error when I want to do something like this tooo v_filter := my_proc(); sql_stmt:='select col1,col2 from my_table where :filter' execute immediate sql_stmt using v_filter; is it impossible to build dynamic sql like this with using ? If it is impossible what is another way to avoid sql injections ?
When you want to use table names in dynamic SQL, yes - you'll have to concatenate them. In order to avoid SQL injection, use DBMS_ASSERT.SQL_OBJECT_NAME.
Here's an example:
SQL> create or replace procedure p_test (par_table in varchar2) is
2 l_table varchar2(30);
3 l_str varchar2(200);
4 l_cnt number;
5 begin
6 l_table := dbms_assert.sql_object_name(par_table);
7
8 l_str := 'select count(*) from ' || par_table;
9 execute immediate (l_str) into l_cnt;
10 dbms_output.put_line('Table contains ' || l_cnt || ' rows');
11 end;
12 /
Procedure created.
SQL>
SQL> exec p_test('dept');
Table contains 4 rows
PL/SQL procedure successfully completed.
SQL> exec p_test('delete from emp');
BEGIN p_test('delete from emp'); END;
*
ERROR at line 1:
ORA-44002: invalid object name
ORA-06512: at "SYS.DBMS_ASSERT", line 316
ORA-06512: at "SCOTT.P_TEST", line 6
ORA-06512: at line 1
SQL>
[EDIT: WHERE clause]
This works:
SQL> create or replace procedure p_test (par_table in varchar2,
2 par_filter in varchar2) is
3 l_table varchar2(30);
4 l_str varchar2(200);
5 l_cnt number;
6 begin
7 l_table := dbms_assert.sql_object_name(par_table);
8
9 l_str := 'select count(*) from ' || par_table ||
10 ' where deptno = :filter';
11 execute immediate (l_str) into l_cnt using par_filter;
12 dbms_output.put_line('Table contains ' || l_cnt || ' rows');
13 end;
14 /
Procedure created.
SQL> exec p_test('emp', '10');
Table contains 3 rows
PL/SQL procedure successfully completed.
SQL>
WHERE clause, modified so that it contains only the WHERE keyword, while the rest is to be used as a parameter:
SQL> create or replace procedure p_test (par_table in varchar2,
2 par_filter in varchar2) is
3 l_table varchar2(30);
4 l_str varchar2(200);
5 l_cnt number;
6 begin
7 l_table := dbms_assert.sql_object_name(par_table);
8
9 l_str := 'select count(*) from ' || par_table ||
10 ' where :filter';
11 execute immediate (l_str) into l_cnt using par_filter;
12 dbms_output.put_line('Table contains ' || l_cnt || ' rows');
13 end;
14 /
Procedure created.
SQL> exec p_test('emp', 'deptno = 10');
BEGIN p_test('emp', 'deptno = 10'); END;
*
ERROR at line 1:
ORA-00920: invalid relational operator
ORA-06512: at "SCOTT.P_TEST", line 11
ORA-06512: at line 1
SQL>
It won't work; is that what you're asking?
Some more reading about dynamic SQL on Oracle, as well as here, on Stack overflow (How can I create a dynamic WHERE clause.
I want to write a simple pl/sql procedure which will take a table name as input and it will store the table row count into a variable . I have written the bellow code :
CREATE OR REPLACE procedure ATT_REP.proc_compare2(table_name IN varchar2)
is
cnt NUMBER(30);
begin
execute immediate 'select count(*) from '||table_name||' into '||cnt ;
dbms_output.put_line(cnt);
end;
/
while executing i am getting 'PLS-00357: Table,View Or Sequence reference 'CES_ODS.ENTITY' not allowed in this context' error.
Please suggest what am i doing wrong . How can i make it working .
Try the following:
CREATE OR REPLACE PROCEDURE ATT_REP.proc_compare2 (table_name IN VARCHAR2)
IS
cnt NUMBER (30);
sql_stmt VARCHAR2 (200);
BEGIN
sql_stmt := 'select count(*) from ' || table_name;
EXECUTE IMMEDIATE sql_stmt INTO cnt;
DBMS_OUTPUT.put_line (cnt);
END;
/