Movatterモバイル変換

CREATE    [DEFINER =user]    PROCEDURE [IF NOT EXISTS]sp_name ([proc_parameter[,...]])    [characteristic ...]routine_bodyCREATE    [DEFINER =user]    FUNCTION [IF NOT EXISTS]sp_name ([func_parameter[,...]])    RETURNStype    [characteristic ...]routine_bodyproc_parameter:    [ IN | OUT | INOUT ]param_nametypefunc_parameter:param_nametypetype:Any valid MySQL data typecharacteristic: {    COMMENT 'string'  | LANGUAGE SQL  | [NOT] DETERMINISTIC  | { CONTAINS SQL | NO SQL | READS SQL DATA | MODIFIES SQL DATA }  | SQL SECURITY { DEFINER | INVOKER }}routine_body:SQL routine

These statements are used to create a stored routine (a stored procedure or function). That is, the specified routine becomes known to the server. By default, a stored routine is associated with the default database. To associate the routine explicitly with a given database, specify the name asdb_name.sp_name when you create it.

TheCREATE FUNCTION statement is also used in MySQL to support loadable functions. SeeSection 15.7.4.1, “CREATE FUNCTION Statement for Loadable Functions”. A loadable function can be regarded as an external stored function. Stored functions share their namespace with loadable functions. SeeSection 11.2.5, “Function Name Parsing and Resolution”, for the rules describing how the server interprets references to different kinds of functions.

To invoke a stored procedure, use theCALL statement (seeSection 15.2.1, “CALL Statement”). To invoke a stored function, refer to it in an expression. The function returns a value during expression evaluation.

CREATE PROCEDURE andCREATE FUNCTION require theCREATE ROUTINE privilege. If theDEFINER clause is present, the privileges required depend on theuser value, as discussed inSection 27.6, “Stored Object Access Control”. If binary logging is enabled,CREATE FUNCTION might require theSUPER privilege, as discussed inSection 27.7, “Stored Program Binary Logging”.

By default, MySQL automatically grants theALTER ROUTINE andEXECUTE privileges to the routine creator. This behavior can be changed by disabling theautomatic_sp_privileges system variable. SeeSection 27.2.2, “Stored Routines and MySQL Privileges”.

TheDEFINER andSQL SECURITY clauses specify the security context to be used when checking access privileges at routine execution time, as described later in this section.

If the routine name is the same as the name of a built-in SQL function, a syntax error occurs unless you use a space between the name and the following parenthesis when defining the routine or invoking it later. For this reason, avoid using the names of existing SQL functions for your own stored routines.

TheIGNORE_SPACE SQL mode applies to built-in functions, not to stored routines. It is always permissible to have spaces after a stored routine name, regardless of whetherIGNORE_SPACE is enabled.

IF NOT EXISTS prevents an error from occurring if there already exists a routine with the same name. This option is supported with bothCREATE FUNCTION andCREATE PROCEDURE.

If a built-in function with the same name already exists, attempting to create a stored function withCREATE FUNCTION ... IF NOT EXISTS succeeds with a warning indicating that it has the same name as a native function; this is no different than when performing the sameCREATE FUNCTION statement without specifyingIF NOT EXISTS.

If a loadable function with the same name already exists, attempting to create a stored function usingIF NOT EXISTS succeeds with a warning. This is the same as without specifyingIF NOT EXISTS.

SeeFunction Name Resolution, for more information.

The parameter list enclosed within parentheses must always be present. If there are no parameters, an empty parameter list of() should be used. Parameter names are not case-sensitive.

Each parameter is anIN parameter by default. To specify otherwise for a parameter, use the keywordOUT orINOUT before the parameter name.

AnIN parameter passes a value into a procedure. The procedure might modify the value, but the modification is not visible to the caller when the procedure returns. AnOUT parameter passes a value from the procedure back to the caller. Its initial value isNULL within the procedure, and its value is visible to the caller when the procedure returns. AnINOUT parameter is initialized by the caller, can be modified by the procedure, and any change made by the procedure is visible to the caller when the procedure returns.

For eachOUT orINOUT parameter, pass a user-defined variable in theCALL statement that invokes the procedure so that you can obtain its value when the procedure returns. If you are calling the procedure from within another stored procedure or function, you can also pass a routine parameter or local routine variable as anOUT orINOUT parameter. If you are calling the procedure from within a trigger, you can also passNEW.col_name as anOUT orINOUT parameter.

For information about the effect of unhandled conditions on procedure parameters, seeSection 15.6.7.8, “Condition Handling and OUT or INOUT Parameters”.

Routine parameters cannot be referenced in statements prepared within the routine; seeSection 27.8, “Restrictions on Stored Programs”.

The following example shows a simple stored procedure that, given a country code, counts the number of cities for that country that appear in thecity table of theworld database. The country code is passed using anIN parameter, and the city count is returned using anOUT parameter:

mysql> delimiter //mysql> CREATE PROCEDURE citycount (IN country CHAR(3), OUT cities INT)       BEGIN         SELECT COUNT(*) INTO cities FROM world.city         WHERE CountryCode = country;       END//Query OK, 0 rows affected (0.01 sec)mysql> delimiter ;mysql> CALL citycount('JPN', @cities); -- cities in JapanQuery OK, 1 row affected (0.00 sec)mysql> SELECT @cities;+---------+| @cities |+---------+|     248 |+---------+1 row in set (0.00 sec)mysql> CALL citycount('FRA', @cities); -- cities in FranceQuery OK, 1 row affected (0.00 sec)mysql> SELECT @cities;+---------+| @cities |+---------+|      40 |+---------+1 row in set (0.00 sec)

The example uses themysql clientdelimiter command to change the statement delimiter from; to// while the procedure is being defined. This enables the; delimiter used in the procedure body to be passed through to the server rather than being interpreted bymysql itself. SeeSection 27.1, “Defining Stored Programs”.

TheRETURNS clause may be specified only for aFUNCTION, for which it is mandatory. It indicates the return type of the function, and the function body must contain aRETURNvalue statement. If theRETURN statement returns a value of a different type, the value is coerced to the proper type. For example, if a function specifies anENUM orSET value in theRETURNS clause, but theRETURN statement returns an integer, the value returned from the function is the string for the correspondingENUM member of set ofSET members.

The following example function takes a parameter, performs an operation using an SQL function, and returns the result. In this case, it is unnecessary to usedelimiter because the function definition contains no internal; statement delimiters:

mysql> CREATE FUNCTION hello (s CHAR(20))    ->   RETURNS CHAR(50) DETERMINISTIC    ->   RETURN CONCAT('Hello, ',s,'!');Query OK, 0 rows affected (0.00 sec)mysql> SELECT hello('world');+----------------+| hello('world') |+----------------+| Hello, world!  |+----------------+1 row in set (0.00 sec)

Parameter types and function return types can be declared to use any valid data type. TheCOLLATE attribute can be used if preceded by aCHARACTER SET specification.

Theroutine_body consists of a valid SQL routine statement. This can be a simple statement such asSELECT orINSERT, or a compound statement written usingBEGIN andEND. Compound statements can contain declarations, loops, and other control structure statements. The syntax for these statements is described inSection 15.6, “Compound Statement Syntax”. In practice, stored functions tend to use compound statements, unless the body consists of a singleRETURN statement.

MySQL permits routines to contain DDL statements, such asCREATE andDROP. MySQL also permits stored procedures (but not stored functions) to contain SQL transaction statements such asCOMMIT. Stored functions may not contain statements that perform explicit or implicit commit or rollback. Support for these statements is not required by the SQL standard, which states that each DBMS vendor may decide whether to permit them.

Statements that return a result set can be used within a stored procedure but not within a stored function. This prohibition includesSELECT statements that do not have anINTOvar_list clause and other statements such asSHOW,EXPLAIN, andCHECK TABLE. For statements that can be determined at function definition time to return a result set, aNot allowed to return a result set from a function error occurs (ER_SP_NO_RETSET). For statements that can be determined only at runtime to return a result set, aPROCEDURE %s can't return a result set in the given context error occurs (ER_SP_BADSELECT).

USE statements within stored routines are not permitted. When a routine is invoked, an implicitUSEdb_name is performed (and undone when the routine terminates). The causes the routine to have the given default database while it executes. References to objects in databases other than the routine default database should be qualified with the appropriate database name.

For additional information about statements that are not permitted in stored routines, seeSection 27.8, “Restrictions on Stored Programs”.

For information about invoking stored procedures from within programs written in a language that has a MySQL interface, seeSection 15.2.1, “CALL Statement”.

MySQL stores thesql_mode system variable setting in effect when a routine is created or altered, and always executes the routine with this setting in force,regardless of the current server SQL mode when the routine begins executing.

The switch from the SQL mode of the invoker to that of the routine occurs after evaluation of arguments and assignment of the resulting values to routine parameters. If you define a routine in strict SQL mode but invoke it in nonstrict mode, assignment of arguments to routine parameters does not take place in strict mode. If you require that expressions passed to a routine be assigned in strict SQL mode, you should invoke the routine with strict mode in effect.

TheCOMMENT characteristic is a MySQL extension, and may be used to describe the stored routine. This information is displayed by theSHOW CREATE PROCEDURE andSHOW CREATE FUNCTION statements.

TheLANGUAGE characteristic indicates the language in which the routine is written. The server ignores this characteristic; only SQL routines are supported.

A routine is considered“deterministic” if it always produces the same result for the same input parameters, and“not deterministic” otherwise. If neitherDETERMINISTIC norNOT DETERMINISTIC is given in the routine definition, the default isNOT DETERMINISTIC. To declare that a function is deterministic, you must specifyDETERMINISTIC explicitly.

Assessment of the nature of a routine is based on the“honesty” of the creator: MySQL does not check that a routine declaredDETERMINISTIC is free of statements that produce nondeterministic results. However, misdeclaring a routine might affect results or affect performance. Declaring a nondeterministic routine asDETERMINISTIC might lead to unexpected results by causing the optimizer to make incorrect execution plan choices. Declaring a deterministic routine asNONDETERMINISTIC might diminish performance by causing available optimizations not to be used.

If binary logging is enabled, theDETERMINISTIC characteristic affects which routine definitions MySQL accepts. SeeSection 27.7, “Stored Program Binary Logging”.

A routine that contains theNOW() function (or its synonyms) orRAND() is nondeterministic, but it might still be replication-safe. ForNOW(), the binary log includes the timestamp and replicates correctly.RAND() also replicates correctly as long as it is called only a single time during the execution of a routine. (You can consider the routine execution timestamp and random number seed as implicit inputs that are identical on the source and replica.)

Several characteristics provide information about the nature of data use by the routine. In MySQL, these characteristics are advisory only. The server does not use them to constrain what kinds of statements a routine is permitted to execute.

TheSQL SECURITY characteristic can beDEFINER orINVOKER to specify the security context; that is, whether the routine executes using the privileges of the account named in the routineDEFINER clause or the user who invokes it. This account must have permission to access the database with which the routine is associated. The default value isDEFINER. The user who invokes the routine must have theEXECUTE privilege for it, as must theDEFINER account if the routine executes in definer security context.

TheDEFINER clause specifies the MySQL account to be used when checking access privileges at routine execution time for routines that have theSQL SECURITY DEFINER characteristic.

If theDEFINER clause is present, theuser value should be a MySQL account specified as'user_name'@'host_name',CURRENT_USER, orCURRENT_USER(). The permitteduser values depend on the privileges you hold, as discussed inSection 27.6, “Stored Object Access Control”. Also see that section for additional information about stored routine security.

If theDEFINER clause is omitted, the default definer is the user who executes theCREATE PROCEDURE orCREATE FUNCTION statement. This is the same as specifyingDEFINER = CURRENT_USER explicitly.

Within the body of a stored routine that is defined with theSQL SECURITY DEFINER characteristic, theCURRENT_USER function returns the routine'sDEFINER value. For information about user auditing within stored routines, seeSection 8.2.23, “SQL-Based Account Activity Auditing”.

Consider the following procedure, which displays a count of the number of MySQL accounts listed in themysql.user system table:

CREATE DEFINER = 'admin'@'localhost' PROCEDURE account_count()BEGIN  SELECT 'Number of accounts:', COUNT(*) FROM mysql.user;END;

The procedure is assigned aDEFINER account of'admin'@'localhost' no matter which user defines it. It executes with the privileges of that account no matter which user invokes it (because the default security characteristic isDEFINER). The procedure succeeds or fails depending on whether invoker has theEXECUTE privilege for it and'admin'@'localhost' has theSELECT privilege for themysql.user table.

Now suppose that the procedure is defined with theSQL SECURITY INVOKER characteristic:

CREATE DEFINER = 'admin'@'localhost' PROCEDURE account_count()SQL SECURITY INVOKERBEGIN  SELECT 'Number of accounts:', COUNT(*) FROM mysql.user;END;

The procedure still has aDEFINER of'admin'@'localhost', but in this case, it executes with the privileges of the invoking user. Thus, the procedure succeeds or fails depending on whether the invoker has theEXECUTE privilege for it and theSELECT privilege for themysql.user table.

By default, when a routine with theSQL SECURITY DEFINER characteristic is executed, MySQL Server does not set any active roles for the MySQL account named in theDEFINER clause, only the default roles. The exception is if theactivate_all_roles_on_login system variable is enabled, in which case MySQL Server sets all roles granted to theDEFINER user, including mandatory roles. Any privileges granted through roles are therefore not checked by default when theCREATE PROCEDURE orCREATE FUNCTION statement is issued. For stored programs, if execution should occur with roles different from the default, the program body can executeSET ROLE to activate the required roles. This must be done with caution since the privileges assigned to roles can be changed.

The server handles the data type of a routine parameter, local routine variable created withDECLARE, or function return value as follows: