
Re: Understanding EXECUTE IMMEDIATE

From: amogh <amogh.r_at_gmail.com>
Date: Tue, 27 Sep 2005 12:16:56 +0530
Message-ID: <m96_e.1$Zk4.79@news.oracle.com>


Jim Kennedy wrote:
> "pbewig_at_swbell.net" <pbewig_at_gmail.com> wrote in message
> news:1127770503.003040.303560_at_g47g2000cwa.googlegroups.com...
>

>>Actually, it's the other way around.  I have a procedure in my client
>>program that must be called at the appropriate time by a procedure in
>>the package -- a callback.  And I have to pass an argument from the
>>package procedure back to the procedure in the client program.
>>
>>I'm an old lisp hacker, trapped in a PL/SQL body.  This kind of thing
>>-- higher-order functions -- is normal in the lisp world, but doesn't
>>exist in the PL/SQL world.  I'm trying to find a way to make it work.
>>
>>Phil
>>

>
> Phil,
> This is a very bad idea in the PL/SQL world. Why? Good question. As Dave
> points out, it can lead to SQL injection, which opens your database to
> potential hacking and destruction. Also, it usually ends up producing a very
> unscalable application (often by an order or two of magnitude).
>
> Instead of the "neat" programming technique (I like them myself), what is
> the business need?
> Jim
>
>

You can get a good feel of SQL Injection here! http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Amogh

Received on Tue Sep 27 2005 - 01:46:56 CDT
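Added example, not part of the original thread or any poster's code: the callback-by-name pattern discussed above, written once with the procedure name and argument concatenated into the EXECUTE IMMEDIATE text and once with an allow-listed name and a bound argument. The package `callback_demo` and the callback names `CLIENT_PKG.ON_ROW` and `CLIENT_PKG.ON_DONE` are hypothetical.

```sql
-- Added illustration; callback_demo and the CLIENT_PKG.* names are hypothetical.
CREATE OR REPLACE PACKAGE callback_demo AS
  PROCEDURE run_unsafe (p_callback IN VARCHAR2, p_arg IN VARCHAR2);
  PROCEDURE run_checked(p_callback IN VARCHAR2, p_arg IN VARCHAR2);
END callback_demo;
/
CREATE OR REPLACE PACKAGE BODY callback_demo AS

  -- Injectable: the callback name and the argument both become part of the
  -- statement text, so either value can change what the block executes.
  -- Each distinct argument is also a new statement text to hard-parse.
  PROCEDURE run_unsafe(p_callback IN VARCHAR2, p_arg IN VARCHAR2) IS
  BEGIN
    EXECUTE IMMEDIATE
      'BEGIN ' || p_callback || '(''' || p_arg || '''); END;';
  END run_unsafe;

  -- Checked: the name must match a fixed allow-list, and the argument is
  -- passed as a bind variable, so it is never parsed as PL/SQL.
  PROCEDURE run_checked(p_callback IN VARCHAR2, p_arg IN VARCHAR2) IS
    l_name VARCHAR2(100);
  BEGIN
    l_name := UPPER(TRIM(p_callback));

    -- NULL must be rejected explicitly: NULL NOT IN (...) is not TRUE.
    IF l_name IS NULL
       OR l_name NOT IN ('CLIENT_PKG.ON_ROW', 'CLIENT_PKG.ON_DONE') THEN
      RAISE_APPLICATION_ERROR(-20001, 'callback not allowed');
    END IF;

    -- Second check: raises an error unless the value is a well-formed
    -- qualified identifier (DBMS_ASSERT is available from 10g Release 2).
    l_name := DBMS_ASSERT.QUALIFIED_SQL_NAME(l_name);

    -- Only the vetted name is concatenated; the statement text is the same
    -- for every argument value, so the cursor can be shared.
    EXECUTE IMMEDIATE 'BEGIN ' || l_name || '(:arg); END;' USING p_arg;
  END run_checked;

END callback_demo;
/
```

Because the callback is resolved at run time, the package compiles even when `CLIENT_PKG` does not exist yet; the checked version fails with ORA-20001 for any name outside the list.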
