Is it possible to pass entire WHERE condition in stored procedure in MySQL 5.x ?

Question

I just need pass WHERE condition, like:

CREATE DEFINER=`root`@`localhost` PROCEDURE `productpricing2`(
   IN cond CHAR(200)
)
BEGIN
   SELECT * FROM tbl_products WHERE cond LIMIT 1;
END

and call it like:

CALL productpricing2("productName IS NOT NULL");

Where productName is column in table tbl_products

Thanks

Answer 1

Yes it's possible You can use prepared-statements for it, and build whole query as a string, but it's not an elegant way to do things...

also notice that:

• Yours queries should take advantage of parametrized prepared-statements, in case of SQL-Injection
• Even parametrized prepared-statements, are not fully "secure", and You should avoid that kind of DB programming

Answer 2

Yes it is possible (although as HLGEM points out it opens you for possibility of SQL injections).

THe way to do this, is to create dynamic SQL using prepared statement.