set serveroutput on;
CREATE OR REPLACE PROCEDURE USER_INPUT_PROC(
p_col_name_input IN VARCHAR2,
p_col_val_input IN VARCHAR2,
p_lst_out OUT sys_refcursor )
AS
lv_col VARCHAR2(10000 CHAR);
BEGIN
NULL;
SELECT DECODE(p_col_name_input,'empno',' AND EMPNO = '||''''||p_col_val_input||'''','ename',' AND ENAME = '||''''||p_col_val_input||'''','')
INTO lv_col
FROM DUAL;
OPEN p_lst_out FOR 'SELECT * FROM EMP
WHERE 1 = 1 '||lv_col;
END;
2 回答
要安全地执行此操作,您需要使用dbms_sql包 . 编码变得非常复杂 .