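MySQL has introduced support for a brand-new SQL syntax:
PREPARE stmt_name FROM preparable_stmt;
EXECUTE stmt_name [USING @var_name [, @var_name] ...];
{DEALLOCATE | DROP} PREPARE stmt_name;
With it we can execute dynamic SQL statements, much like sp_executesql in MS SQL!
It also helps prevent injection attacks, because values bound through ? placeholders are passed to the server as data and are never parsed as SQL!
To get an intuitive feel for it, here are a few small examples.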
-- Statement text given as a string literal
mysql> PREPARE stmt FROM 'SELECT SQRT(POW(?,2) + POW(?,2)) AS hypotenuse';
mysql> SET @a = 3;
mysql> SET @b = 4;
mysql> EXECUTE stmt USING @a, @b;
+------------+
| hypotenuse |
+------------+
|          5 |
+------------+
mysql> DEALLOCATE PREPARE stmt;

-- Statement text taken from a user variable
mysql> SET @s = 'SELECT SQRT(POW(?,2) + POW(?,2)) AS hypotenuse';
mysql> PREPARE stmt FROM @s;
mysql> SET @a = 3;
mysql> SET @b = 4;
mysql> EXECUTE stmt USING @a, @b;
+------------+
| hypotenuse |
+------------+
|          5 |
+------------+
mysql> DEALLOCATE PREPARE stmt;
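
The injection protection mentioned above holds only for values bound through `?`, not for text concatenated into the statement before PREPARE. The following added example (not from the original page) puts the weak form beside the corrected one; the table `demo_users`, its columns, the statement names and all variables are constructed for illustration.

```sql
-- Added example: constructed table and data, not from the original page.
CREATE TEMPORARY TABLE demo_users (
  id   INT PRIMARY KEY,
  name VARCHAR(64) NOT NULL
);
INSERT INTO demo_users VALUES (1, 'alice'), (2, 'bob');

-- Constructed untrusted input, as it might arrive from a web form.
SET @input = 'nobody'' OR ''1''=''1';

-- Weak: the input is concatenated into the statement text before PREPARE,
-- so the parser treats its quotes and OR as SQL. PREPARE adds no protection here.
SET @sql = CONCAT('SELECT id, name FROM demo_users WHERE name = ''', @input, '''');
PREPARE weak_stmt FROM @sql;
EXECUTE weak_stmt;
DEALLOCATE PREPARE weak_stmt;

-- Corrected: the statement text is a constant and the input is bound with USING.
-- The server parses the text first, then compares @input as one string value.
PREPARE safe_stmt FROM 'SELECT id, name FROM demo_users WHERE name = ?';
EXECUTE safe_stmt USING @input;
DEALLOCATE PREPARE safe_stmt;

-- Placeholders stand for values only, never for identifiers. When a column
-- name must vary, map the request onto a fixed allowlist; anything that is
-- not on the list falls back to a safe default.
SET @sort_request = 'name';   -- constructed input
SET @sort_col = CASE @sort_request
                  WHEN 'id'   THEN 'id'
                  WHEN 'name' THEN 'name'
                  ELSE 'id'
                END;
SET @sql = CONCAT('SELECT id, name FROM demo_users WHERE id >= ? ORDER BY `',
                  @sort_col, '`');
SET @min_id = 1;
PREPARE list_stmt FROM @sql;
EXECUTE list_stmt USING @min_id;
DEALLOCATE PREPARE list_stmt;
```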