passing table and column name dynamically using bind variables

by

Table and column names cannot be passed as bind variables, no. The whole point of bind variables is that Oracle can generate a query plan once for the statement and then execute it many times with different bind variable values. If the optimizer doesn’t know what table is being accessed or what columns are being selected and filtered on, it can’t generate a query plan.

If your concern relates to SQL injection attacks, and assuming that dynamic SQL is actually necessary (most of the time, the need to resort to dynamic SQL implies problems with the data model), you can use the DBMS_ASSERT package to validate that the table names and column names don’t contain embedded SQL.

More Related Contents:

  1. Receive an unexpected symbol error in my PLSQL query [closed]
  2. PL SQL UPDATE STATEMENT
  3. Search All Fields In All Tables For A Specific Value (Oracle)
  4. Is there a combination of “LIKE” and “IN” in SQL?
  5. Is it possible to output a SELECT statement from a PL/SQL block?
  6. REGEX to select nth value from a list, allowing for nulls
  7. SQL to generate a list of numbers from 1 to 100
  8. How to use BOOLEAN type in SELECT statement
  9. SQL recursive query on self referencing table (Oracle)
  10. create table with sequence.nextval in oracle [duplicate]
  11. IF EXISTS condition not working with PLSQL
  12. PLS-00428: an INTO clause is expected in this SELECT statement
  13. SQL error “ORA-01722: invalid number”
  14. WHERE IN condition not accepting String value
  15. Sleep function in ORACLE
  16. Solution to “cannot perform a DML operation inside a query”?
  17. Array in IN() clause oracle PLSQL
  18. Different CURRENT_TIMESTAMP and SYSDATE in oracle
  19. How to query a CLOB column in Oracle
  20. Oracle (Old?) Joins – A tool/script for conversion?
  21. How to return multiple rows from the stored procedure? (Oracle PL/SQL)
  22. Issue when comparing result of to_char(myDate, ‘DAY’) to a string
  23. In Oracle, is it possible to INSERT or UPDATE a record through a view?
  24. Creating or simulating two dimensional arrays in PL/SQL
  25. How to handle optional parameters in SQL query?
  26. How to use Alias in Where clause? [duplicate]
  27. How to check if a column exists before adding it to an existing table in PL/SQL?
  28. Subtracting Dates in Oracle – Number or Interval Datatype?
  29. How to call Oracle MD5 hash function?
  30. Using bind variables with dynamic SELECT INTO clause in PL/SQL

Leave a Comment