PL/SQL Advanced Programming

It is possible to create dynamic SQL on the fly. Two architectures apply in both cases: you can glue strings together, or you can implement placeholders. Gluing strings together is susceptible to SQL injection attacks; implementing placeholders (bind variables) makes your dynamic SQL immune to these attacks. Placeholders act as formal parameters to dynamic statements.
The process of running a dynamic statement involves four steps:
  • First, the statement is parsed
  • Second, for a statement with placeholders, the actual parameters are mapped to the formal parameters
  • Third, it executes the statement
  • Fourth, it returns values to the calling statement
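The two architectures and the four steps above, shown side by side in an added example that is not from the original post. The table demo_users, its rows and the input value are constructed for illustration, and the script assumes SQL*Plus or SQLcl for the output setting.

```sql
-- Added example: constructed table and rows, not from the original post.
CREATE TABLE demo_users (username VARCHAR2(30), role VARCHAR2(10));
INSERT INTO demo_users VALUES ('alice', 'admin');
INSERT INTO demo_users VALUES ('bob', 'user');

SET SERVEROUTPUT ON  -- SQL*Plus / SQLcl setting so DBMS_OUTPUT is shown

DECLARE
  -- Constructed input: the embedded quotes alter the statement text when
  -- the value is glued in, but remain plain data when the value is bound.
  l_input VARCHAR2(100) := 'nobody'' OR ''1''=''1';
  l_stmt  VARCHAR2(200);
  l_count PLS_INTEGER;
BEGIN
  -- Architecture 1, glued string: the input becomes part of the SQL text,
  -- so it is parsed as SQL along with the rest of the statement.
  l_stmt := 'SELECT COUNT(*) FROM demo_users WHERE username = '''
            || l_input || '''';
  EXECUTE IMMEDIATE l_stmt INTO l_count;
  DBMS_OUTPUT.PUT_LINE('concatenated count: ' || l_count);

  -- Architecture 2, placeholder: the statement text is fixed.
  --   parse   : the text is parsed with :uname as a formal parameter
  --   bind    : USING maps the actual parameter l_input to :uname
  --   execute : the statement runs with the bound value
  --   return  : INTO hands the result back to the calling block
  l_stmt := 'SELECT COUNT(*) FROM demo_users WHERE username = :uname';
  EXECUTE IMMEDIATE l_stmt INTO l_count USING l_input;
  DBMS_OUTPUT.PUT_LINE('bound count: ' || l_count);
END;
/

DROP TABLE demo_users;
```

The concatenated statement counts every row because the input rewrote the WHERE clause, while the bound statement compares the whole input to username as a single value and matches none. Placeholders bind values only; table and column names cannot be supplied through them.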
There are two methods that can be used to build dynamic statements:  more...
