Re: "Best Practices" for Application SQL coding

From: Gints Plivna <gints.plivna_at_gmail.com>
Date: Thu, 30 Oct 2008 16:53:03 +0200
Message-ID: <6e49b6d00810300753v26fe3408r65c28d319d13b34e@mail.gmail.com>


If you read the entire thread (yes a loooong read) then you'd find many approaches and most of them bad :)
We are actually using either contexts or something similar to the approach proposed by Darko (without the dreaded % in the front of predicates of course! search in this thread for it).
The main idea is to keep binds, do not allow SQL injection possibilities and also keep different plans for different search combinations. At least I personally don't know other techniques than either using contexts or something similar as Darko proposed. Or of course listing all possible combinations in your code :D

Gints Plivna
http://www.gplivna.eu

2008/10/30 Charles Schultz <sacrophyte_at_gmail.com>:
> Awesome, thanks!
>
> Given that Tom submitted that in 2001 under 8i, are people still using that
> method? Is this a rather current approach to this particular problem?

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Oct 30 2008 - 09:53:03 CDT
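
An added illustration of the idea stated in this message, not code from the thread and not Darko's or Tom's method: the statement text is assembled only from a fixed whitelist of predicates, every value is bound, and each combination of search criteria gets its own SQL text. The `emp` table, its columns and the function names are assumptions, and SQLite stands in for Oracle, so this shows the per-combination statement text and the binds, not Oracle's cursor cache or contexts.

```python
import sqlite3

# Whitelisted search fields -> fixed predicate text (hypothetical schema).
# User input never becomes SQL text; it only selects predicates and fills binds.
PREDICATES = {
    "ename": "ename LIKE :ename",          # caller passes 'SM%', never a leading %
    "deptno": "deptno = :deptno",
    "hired_after": "hiredate >= :hired_after",
}

def build_search(criteria):
    """Return (sql, binds) with one predicate per supplied criterion."""
    unknown = set(criteria) - set(PREDICATES)
    if unknown:
        raise ValueError(f"unsupported search field(s): {sorted(unknown)}")
    clauses, binds = [], {}
    # Fixed iteration order: the same combination always yields the same
    # statement text, so each combination is one distinct, reusable statement.
    for field, predicate in PREDICATES.items():
        value = criteria.get(field)
        if value is not None:
            clauses.append(predicate)
            binds[field] = value
    sql = "SELECT empno, ename, deptno FROM emp"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY empno", binds

def demo_db():
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE emp (empno INTEGER PRIMARY KEY, ename TEXT,"
                 " deptno INTEGER, hiredate TEXT)")
    conn.executemany("INSERT INTO emp VALUES (?, ?, ?, ?)", [
        (1, "SMITH", 20, "1980-12-17"),
        (2, "ALLEN", 30, "1981-02-20"),
        (3, "SMYTHE", 30, "1982-01-23"),
    ])
    return conn

def search(conn, criteria):
    sql, binds = build_search(criteria)
    return conn.execute(sql, binds).fetchall()

if __name__ == "__main__":
    db = demo_db()
    for crit in ({}, {"deptno": 30}, {"ename": "SM%", "deptno": 30},
                 {"ename": "x' OR '1'='1"}):
        print(build_search(crit)[0], "->", search(db, crit))
```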
