Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: sqlQuery as string
"Greg" <gregclau_at_yahoo.com> wrote in message
news:1123336555.540931.187080_at_g14g2000cwa.googlegroups.com...
> For example
>
> SELECT FUNCTION('SELECT COLUMN FROM TABLE') FROM TABLE
>
> where the argument is executed and is a string.
>
> Thank you,
> Greg
>
> Jim Kennedy wrote:
> > "Greg" <gregclau_at_yahoo.com> wrote in message
> > news:1123282217.245939.66490_at_g47g2000cwa.googlegroups.com...
> > > Yes, I am interested in those that are executed. I am interested in
> > > functions deliverd by Oracle, not userdefined.
> > > Thank you,
> > > Greg
> > >
> > > Maxim Demenko wrote:
> > > > Greg schrieb:
> > > > > Which are the functions usable in SQL that would take an SQL query
as
> > > > > string parameter (VARCHAR)?
> > > > >
> > > >
> > > > Please , define usable.
> > > > For example :
> > > > length('select sysdate from dual');
> > > > substr('select sysdate from dual',1,1');
> > > > and many other...
> > > >
> > > > If the query should be executed, then userdefined.
> > > >
> > > > Best regards
> > > >
> > > > Maxim
> > >
> > It isn't clear what you want to do. Give an example.(even if it is
"fake")
> > Jim
>
I am unaware of any native Oracle function that does that. You can write
one easily enough, but this practice opens you up to SQL Injection hacking.
Someone could just as easily put a drop table command for example. Also it
is very unscalable.(bad practice)
Jim
Received on Sat Aug 06 2005 - 09:12:29 CDT