Re: sqlQuery as string

Can you actually use dbms_sql to do something like

SELECT DBMS_SQL.SOME_FUNCTION('sql query string') FROM DUAL

?

As far as I know one can only use certain functions in SELECT queries. Is there a way to use procedures?

I don't care about scalar subqueries.

I am researching a potential vulnerability via functions that take string sql queries as argument (standard oracle functions if any or any functions from packages that could be used in an SQL query). owa_util might be something interesting to look into.

Thank you,
Greg

Mark C. Stock wrote:
> "Greg" <gregclau_at_yahoo.com> wrote in message
> news:1123342310.229369.148160_at_g47g2000cwa.googlegroups.com...
> > Actually there are a few XML functions in DBMS_XMLGEN that take in only
> > SELECT queries but I was wondering if there are any other outside of
> > those.
> > Thanks,
> > Greg
> >
>
> most folks don't think of Oracle supplied packages when the subject is
> oracle functions
>
> the packages dbms_sql and owa_util also handel dynamic sql
>
> can you describe what you're trying to accomplish?
>
> your previous example:
>
> SELECT FUNCTION('SELECT COLUMN FROM TABLE') FROM TABLE
>
> could just be written as a scalar subquery, ie:
>
> select
> ename
> , deptno
> , (select sum(sal)
> from emp e2
> where e2.deptno = e1.deptno
> ) as dept_sal
> from emp e1
> order by ename
>
> why do you need to pass the query as a string, and under what circumstances?
>
> ++ mcs
Received on Sat Aug 06 2005 - 12:38:01 CDT