<devjnr_at_gmail.com> wrote in message
news:1156863157.387148.235580_at_75g2000cwc.googlegroups.com...
>
> fitzjarrell_at_cox.net ha scritto:
>
> > Post this link where dynamic sql is considered 'cool' in Oracle. I'd
> > like to see who stated such a fallacy.
>
>
>
http://download-uk.oracle.com/docs/cd/B19306_01/appdev.102/b14261/dynamic.htm
>
> I read more advantages then disadvantages...
>
> The only bad thing noted is the "possible" sql injection.
>
Notice they spend a lot of time showing how to use bind variables. There is
a reason for that. If you don't use bind variables then performance will
suffer greatly. I think they are documenting it because it is a feature
and so many programmers don't understand that dynamic code generation can be
detrimental to performance and sql injection. If you code sql and use the
oci interface correctly you can build highly scalable, highly perfomant
applications. Dynamic sql is for a few cases and should not be used in most
cases.
Jim
Received on Tue Aug 29 2006 - 10:03:40 CDT
