MariaDB不执行Insert in Procedure

Question

我正在使用PHPMyAdmin中的MySQL -actually MariaDB -并试图在存储过程中编写一个insert，但由于明显的(安全)原因，这是不被允许的。

我尝试使用GRANT EXECUTE ON PROCEDURE语句更改权限。

GRANT EXECUTE ON PROCEDURE test.putDataInFull TO 'root'@'localhost' 

我真的碰壁了，有什么想法吗？

编辑：

DELIMITER //
CREATE PROCEDURE putDataInFull (IN matchid INT(11))
BEGIN
  DECLARE koula int(11);
  DECLARE c     varchar(255);
  SET @koula = matchid;
  SET @c := concat('insert into log (match_id, comment) values (?,\'inPUtDataWeTrtust\');');

  DECLARE EXIT HANDLER FOR SQLEXCEPTION
       BEGIN
         SELECT CONCAT(@c, ' is not valid');
       END;
  PREPARE stmt FROM @c;
  EXECUTE stmt USING @koula;
  DEALLOCATE PREPARE stmt;
END //
DELIMITER ;

附注：这不是一个生产项目，只是好玩，所以我真的不关心安全性。

Answer 1

您可以使用您的变量创建一个insert。没有必要创建一个神奇的字符串。下面是an other stackoverflow question的另一个示例

DELIMITER $$

CREATE  PROCEDURE ADD_WITHDRAWAL_A(IN withdrawalcode_p VARCHAR(25), IN id_p VARCHAR(8), IN amount_p VARCHAR(12), IN datewithdrawn_p VARCHAR(35), IN approved_p VARCHAR(8))
BEGIN

     START TRANSACTION;

     INSERT INTO Withdrawals(WithdrawalCode, IDD, Amount, DateWithdrawn, Approved) 
     VALUES (withdrawalcode_p, id_p, amount_p, datewithdrawn_p, approved_p);

     UPDATE account SET AccountBalance = AccountBalance - amount_p WHERE IDD = id_p LIMIT 1;

     COMMIT;

END $$

DELIMITER ;