Michal Drozd
Reputation: 1351
Is it possible to pass entire WHERE condition in stored procedure in MySQL 5.x?
I just need pass WHERE condition, like:
CREATE DEFINER=`root`@`localhost` PROCEDURE `productpricing2`(
IN cond CHAR(200)
)
BEGIN
SELECT * FROM tbl_products WHERE cond LIMIT 1;
END
and call it like:
CALL productpricing2("productName IS NOT NULL");
Where productName is column in table tbl_products
Thanks
Upvotes: 0
Views: 218
Answers (2)
canni
Reputation: 5885
Yes it's possible You can use prepared-statements for it, and build whole query as a string, but it's not an elegant way to do things...
also notice that:
- Yours queries should take advantage of parametrized prepared-statements, in case of SQL-Injection
- Even parametrized prepared-statements, are not fully "secure", and You should avoid that kind of DB programming
Upvotes: 1
Mchl
Reputation: 62395
Yes it is possible (although as HLGEM points out it opens you for possibility of SQL injections).
THe way to do this, is to create dynamic SQL using prepared statement.
Upvotes: 1
Related Questions
- How to apply variable specific condition in query's WHERE clause in Stored Procedure
- how to use WHERE IN mysql stored procedure
- Mysql procedure, using parameter in where clause
- How to handle where clause within mysql procedure?
- how to generate dynamic where condition in mysql procedure
- MySQL: Stored Procedure in WHERE clause
- mysql Stored Procedure Dynamic Where Clause
- how can we call store procedure in where clause
- MySQL stored procedure: variable in WHERE clause?
- Conditional WHERE clause in MySQL stored procedure