HANA 存储过程

You can develop secure procedures using SQLScript in SAP HANA by observing the following recommendations.

Using SQLScript, you can read and modify information in the database. In some cases, depending on the commands and parameters you choose, you can create a situation in which data leakage or data tampering can occur. To prevent this, SAP recommends using the following practices in all procedures.

• Mark each parameter using the keywordsINorOUT. Avoid using theINOUTkeyword.
• Use theINVOKERkeyword when you want the user to have the assigned privileges to start a procedure. The default keyword,DEFINER, allows only the owner of the procedure to start it.
• Mark read-only procedures usingREADS SQL DATAwhenever it is possible. This ensures that the data and the structure of the database are not altered.
  Tip Another advantage to usingREADS SQL DATAis that it optimizes performance.
• Ensure that the types of parameters and variables are as specific as possible. Avoid usingVARCHAR, for example. By reducing the length of variables you can reduce the risk of injection attacks.
• Perform validation on input parameters within the procedure.

我是说HANA ，为什么每次后面都加那么一大串。  language sqlscript sql security definer reads sql data

这个可以直接创建的SQL窗口里写也行。不用那么麻烦。

我都不知道这下面这个什么意思。奇奇怪怪的没明白LOGIC。 很可能是随便复制的。

),  OUT var_out "_SYS_BIC"."DEMO/DEMO_SQL_CV/proc/tabletype/VAR_OUT" ) language sqlscript sql security definer reads sql data 

 as
 /********* Begin Procedure Script ************/
 BEGIN 

 SELECT CURRENT_DATE,"_BIC_Z0CGDDH" AS DATE_V FROM "_SYS_BIC"."DEMO/DEMO_CV_IP"
  where "_BIC_Z0CGDDH"= 'ZCCG-1403270935500D';

      var_out = 

SELECT
     A."/BIC/Z0CGDDH" AS CGDDH,
     A."/BIC/Z0DDZT" AS DDZT,
     B."/BIC/Z0SL" AS SL,
     B."/BIC/Z0JE" AS JE
FROM "SAPABAP1"."/BIC/AZEZJTO0100" A LEFT JOIN
     "SAPABAP1"."/BIC/AZEZJTO0200" B ON A."/BIC/Z0CGDDH"=B."/BIC/Z0CGDDH"
      WHERE B."/BIC/Z0JE" IS NOT NULL
      AND A."/BIC/Z0CGDDH" IN(:IP_CGDDH)
      ;

END /********* End Procedure Script ************/

权限过滤，有空看看。

) , MD5_CODE ) , OUT AUTH_VALUE ) )
    LANGUAGE SQLSCRIPT
    SQL SECURITY INVOKER
    --DEFAULT SCHEMA <default_schema_name>
    READS SQL DATA AS
BEGIN
/*****************************
    Write your procedure logic
 *****************************/
--根据MD5码 得到值列表。
    ) ;
    --7380563cdbb1061c70bc76c19ef6d9a2
    DECLARE CURSOR c_cursor FOR
    select * from  "SAPABAP1"."/BIC/OHZBWOHD2" where "USERNAME_MD5" = :MD5_CODE  and
    FILTER_COLOMN = :AUTH_IOBJ ORDER BY "VALUE_LOW" asc ;
    val:= '';
    FOR r1 AS c_cursor DO
    --val:= :val || '''' || '''' || r1.VALUE_LOW  || '''' || '''' || ',';
    val:=  :val || '''' ||  r1.VALUE_LOW  || ''''  || ',';
    IF r1.VALUE_LOW = '*' THEN
    val:=  '''' || '*' || '''';
    BREAK ;
    END IF ;
    END FOR;
--    AUTH_VALUE := :val ;
    select RTRIM (:val,',') INTO AUTH_VALUE from dummy;
    --AUTH_VALUE := :val || '''' ;
    CLOSE c_cursor; 

END;

这是一个权限判断的存储过程。想必还是有用，也没看懂。

) , ZIP_MD5 ) ,ZIP_IOBJ ) ,
                                                    OUT VAR_OUT ) , OUT VAR_FLAG ))
    LANGUAGE SQLSCRIPT
    SQL SECURITY INVOKER
    --DEFAULT SCHEMA <default_schema_name>
    READS SQL DATA AS
BEGIN
/*****************************
    Write your procedure logic
 *****************************/
   ;
 ;
  ;
 ) ;
 );
------------------------------------------------------------------------------------
;/* Custom Error Code = 10001*/
 /*User Defined exception handler */
DECLARE EXIT HANDLER FOR CUSTOMCONDITION RESIGNAL;
 --SELECT ::SQL_ERROR_CODE AS "Error Code", ::SQL_ERROR_MESSAGE AS "Error Message" FROM DUMMY;
/*权限检查段，根据输入的MD5获取权限值*/
------------------------------------------------------------------------------------
SCONST := '''' || '*' || '''';
VAR_OUT := '';

call "_SYS_BIC"."Purchase::ZAUTH_DYN_FILTER"(:ZIP_IOBJ,:ZIP_MD5,:SVAR);

 IF :SVAR = '' THEN
 SIGNAL CUSTOMCONDITION SET MESSAGE_TEXT = '^_^权限不足，请联系管理员增加权限！^_^';
 return;
 END IF;

IF :AUTH_IP = '' OR :AUTH_IP = :SCONST  THEN
  VAR_OUT := :SVAR ;
ELSE
/*对比用户输入和存储过程查到的数据*/
IF :SVAR = :SCONST THEN VAR_OUT := :AUTH_IP;
ELSE
 AUTH_IP := :AUTH_IP || ',';
    DO
 ENO := LOCATE(:AUTH_IP , ',',:SNO) ;
 FLAG := LOCATE(:SVAR , SUBSTRING(:AUTH_IP , :SNO , :ENO-:SNO)) ;
  THEN
 SIGNAL CUSTOMCONDITION SET MESSAGE_TEXT = '^_^权限不足，请联系管理员增加权限！^_^';
 return;
 END IF;
 SNO : ;
 END WHILE;

 select RTRIM (:AUTH_IP,',') INTO VAR_OUT from dummy;
 END IF;
 END IF ;

 IF :VAR_OUT = :SCONST THEN
 VAR_FLAG :=  '%'  ;
 END IF ;

END;