Why bad? The above generates statements like:

    DELETE FROM my_table WHERE my_fk = 1

This is very bad unless cursor sharing is set to FORCE (which IMHO is nothing but a band-aid, and even that band-aid doesn't always work).

    The_sql := 'DELETE FROM my_table WHERE my_fk = '|| v_pk_from_other_table

But the rest of the package can stay as it is. It would be just as easy to change static SQL and recompile as to change the text of the dynamic SQL.

Conclusion - if I'm working on a section of the code that has unnecessary dynamic SQL, I'll change it.

I don't think future-proofing the package is why he used so much dynamic SQL - very often the code is like:

    the_sql := 'DELETE FROM my_table WHERE my_fk = '|| v_pk_from_other_table

Then he concatenates v_pk into a dynamic query.

I've used dynamic SQL to construct flexible queries too, but you have to be very careful to validate any query parameters coming from users when you concatenate them into the query - SQL injection becomes a real danger.

At least this package doesn't suffer from that problem - the most common concatenated query parameter is a primary key which came from a static query like "SELECT my_pk INTO v_pk from my_table where my_uk = p_uk".

Thank you all for your well-considered answers.
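The concatenation pattern from the thread next to its bind-variable and static equivalents, as an added example that is not part of the original posts. The table definition, the key values 1 to 3 and the V$SQL check are assumptions made for illustration, and CURSOR_SHARING is assumed to be at its default of EXACT.

```sql
-- Constructed table for the demo; table and column names follow the thread.
CREATE TABLE my_table (my_pk NUMBER PRIMARY KEY, my_fk NUMBER);

DECLARE
  the_sql VARCHAR2(200);
BEGIN
  FOR v_pk_from_other_table IN 1 .. 3 LOOP   -- constructed key values
    -- Pattern from the thread: the key becomes part of the SQL text, so
    -- every distinct value is a different statement that must be hard parsed.
    the_sql := 'DELETE FROM my_table WHERE my_fk = ' || v_pk_from_other_table;
    EXECUTE IMMEDIATE the_sql;

    -- Same dynamic statement with a bind variable: the SQL text is constant,
    -- the cursor can be shared, and the value is never interpreted as SQL.
    the_sql := 'DELETE FROM my_table WHERE my_fk = :fk';
    EXECUTE IMMEDIATE the_sql USING v_pk_from_other_table;

    -- Static SQL: PL/SQL turns the variable into a bind automatically.
    DELETE FROM my_table WHERE my_fk = v_pk_from_other_table;
  END LOOP;
  ROLLBACK;
END;
/

-- Check the shared pool (requires SELECT privilege on V$SQL): the concatenated
-- form is stored once per literal value, while the bind and static forms each
-- keep a single SQL text whose execution count grows.
SELECT sql_text, executions
  FROM v$sql
 WHERE LOWER(sql_text) LIKE 'delete from my_table where my_fk = %'
 ORDER BY sql_text;
```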