如何创建 SQL 存储过程以插入多个值
How to create an SQL stored procedure to insert multiple values
我有以下语句,它接受一组值并将它们存储在我的 MySQL RDS 中:
INSERT INTO items (item_id, item_name, item_description) VALUES ?
我将它与 AWS Appsync 一起使用,它不提供防止注入的转义机制,因此我想在我的 RDS 中使用存储过程来防止 injection.
该语句将用于创建多个项目,因此将传入一个值数组。
如何创建存储过程以将多个值插入 table?我参考了以下带有单个参数的 select 语句的示例,但我不确定如何将其应用于具有多个参数的更复杂的情况,如我上面的语句。
CREATE PROCEDURE listPets (IN type_param VARCHAR(200))
BEGIN
PREPARE stmt FROM 'SELECT * FROM Pets where type=?';
SET @type = type_param;
EXECUTE stmt USING @type;
DEALLOCATE PREPARE stmt;
END
CREATE PROCEDURE listPets (IN p_itemid INT, IN p_itemname VARCHAR(200),
IN p_itemdesc VARCHAR(200))
BEGIN
PREPARE stmt FROM 'INSERT INTO items (item_id, item_name, item_description) VALUES (?, ?, ?)';
SET @id = p_itemid, @name = p_itemname, @description = p_itemdesc;
EXECUTE stmt USING @id, @name, @description;
DEALLOCATE PREPARE stmt;
END
提示:您可能喜欢使用此替代 INSERT 语法:
PREPARE stmt FROM 'INSERT INTO items SET item_id=?, item_name=?, item_description=?';
它是 MySQL 对 SQL 的非标准扩展,可以更轻松地匹配列和 ? 占位符。但是不支持多行插入
如果您打算更新现有记录:
CREATE PROCEDURE LIST_Pets
(
--These are the Variables/columns you need to enter data into to update
@item_name VARCHAR(15),
@item_description VARCHAR(30),
--These are the variables used to get the correct record which needs update
@item_id INT
)
AS
BEGIN
UPDATE TABLE type_param
SET item_name = ISNULL(item_name, @item_name)--if the item_name is null it will insert @item_name
SET item_description = ISNULL(item_description, @item_description)
WHERE item_id = @item_id
我有以下语句,它接受一组值并将它们存储在我的 MySQL RDS 中:
INSERT INTO items (item_id, item_name, item_description) VALUES ?
我将它与 AWS Appsync 一起使用,它不提供防止注入的转义机制,因此我想在我的 RDS 中使用存储过程来防止 injection.
该语句将用于创建多个项目,因此将传入一个值数组。
如何创建存储过程以将多个值插入 table?我参考了以下带有单个参数的 select 语句的示例,但我不确定如何将其应用于具有多个参数的更复杂的情况,如我上面的语句。
CREATE PROCEDURE listPets (IN type_param VARCHAR(200))
BEGIN
PREPARE stmt FROM 'SELECT * FROM Pets where type=?';
SET @type = type_param;
EXECUTE stmt USING @type;
DEALLOCATE PREPARE stmt;
END
CREATE PROCEDURE listPets (IN p_itemid INT, IN p_itemname VARCHAR(200),
IN p_itemdesc VARCHAR(200))
BEGIN
PREPARE stmt FROM 'INSERT INTO items (item_id, item_name, item_description) VALUES (?, ?, ?)';
SET @id = p_itemid, @name = p_itemname, @description = p_itemdesc;
EXECUTE stmt USING @id, @name, @description;
DEALLOCATE PREPARE stmt;
END
提示:您可能喜欢使用此替代 INSERT 语法:
PREPARE stmt FROM 'INSERT INTO items SET item_id=?, item_name=?, item_description=?';
它是 MySQL 对 SQL 的非标准扩展,可以更轻松地匹配列和 ? 占位符。但是不支持多行插入
如果您打算更新现有记录:
CREATE PROCEDURE LIST_Pets
(
--These are the Variables/columns you need to enter data into to update
@item_name VARCHAR(15),
@item_description VARCHAR(30),
--These are the variables used to get the correct record which needs update
@item_id INT
)
AS
BEGIN
UPDATE TABLE type_param
SET item_name = ISNULL(item_name, @item_name)--if the item_name is null it will insert @item_name
SET item_description = ISNULL(item_description, @item_description)
WHERE item_id = @item_id