
Re: Dynamic SQL Method 4 : Avoid Re-parsing?

From: Jim Kennedy <jim>
Date: Mon, 16 Oct 2006 20:30:59 -0700
Message-ID: <MPadnReOrsw90KnYnZ2dnUVZ_t2dnZ2d@comcast.com>

"nsmith22" <nsmith22_at_gmail.com> wrote in message news:1161039728.883345.219960_at_h48g2000cwc.googlegroups.com...
>
> DA Morgan wrote:
> > nsmith22 wrote:
> > > Well I'm sorry, but you are wrong.
> > >
> > > Jim Kennedy wrote:
> >
> > >>>> What is the business need? Your description sounds very open to sql
> > >>>> injection. Why do you need total dynamic sql?
> > >>>> Jim
> > >> You have a poor design.
> > >>
> > >> Jim
> >
> > Not only is Jim not wrong but you should not top post.
> >
> > Please scroll to the bottom to reply.
> > --
> > Daniel A. Morgan
> > University of Washington
> > damorgan_at_x.washington.edu
> > (replace x with u to respond)
> > Puget Sound Oracle Users Group
> > www.psoug.org
>
>
> I found from another source that by using OCI, I can make sure that I
> do not re-parse my completely dynamic queries, whereas in Pro*C it is
> not possible.
>
> For those two who replied, I suggest that for the topics that others
> create, you either attempt to answer the question, give a reason why the
> question is due to a problem, or just not respond at all.
>
> As for the statement that using completely dynamic SQL is poor design
> and can be avoided, consider any application that cannot possibly know
> the tables it is selecting from, nor can it know the conditions or
> logical structure of those conditions. It cannot be avoided. It's not
> to say that validation is not done on the tables/columns being selected
> from (by a database ACL for example), but that ACL is also not known at
> compile time either. If you have a sensible argument against this,
> then please explain it rather than saying 'that's poor design' and
> 'yeah, the guy above is right'.
>

Well, since you didn't identify a business need but how to implement your solution, it is rather difficult to suggest much (other than that the solution isn't generally a good one). I have actually worked on applications that did what I suggest (a C++ wrapper to OCI that managed cursors and would even cache a bunch of cursors to cover the event of repeated cursors with slight changes, e.g. select ... from mytable where x=:y; then select ... from mytable where x=:y and z=:a; and then select ... from mytable where x=:y; where these SQL statements cycle).

Jim

Received on Mon Oct 16 2006 - 22:30:59 CDT
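
The cursor caching described in the reply above, as an added example (not code from the original post or from the wrapper it mentions): an LRU cache keyed on the exact SQL text, with the parse step replaced by a counter as a stand-in for the OCI prepare call. `Cursor`, `CursorCache` and `parses_for` are hypothetical names; the run shows that with bind variables the cycling statements reuse two cursors, while values concatenated into the text make every statement new and put data into the SQL string.

```cpp
#include <iostream>
#include <list>
#include <string>
#include <unordered_map>

// Stand-in for a parsed statement; a real wrapper would keep the OCI statement handle here.
struct Cursor { std::string sql; };

class CursorCache {
public:
    explicit CursorCache(std::size_t capacity) : capacity_(capacity ? capacity : 1) {}
    // Return the cursor for this exact SQL text, parsing only on a cache miss.
    Cursor& get(const std::string& sql) {
        auto hit = index_.find(sql);
        if (hit != index_.end()) {
            lru_.splice(lru_.begin(), lru_, hit->second);  // mark as most recently used
            return lru_.front();
        }
        if (lru_.size() == capacity_) {                    // full: drop the oldest cursor
            index_.erase(lru_.back().sql);
            lru_.pop_back();
        }
        ++parses_;                                         // the expensive prepare/parse step
        lru_.push_front(Cursor{sql});
        index_[sql] = lru_.begin();
        return lru_.front();
    }
    std::size_t parses() const { return parses_; }
private:
    std::size_t capacity_, parses_ = 0;
    std::list<Cursor> lru_;
    std::unordered_map<std::string, std::list<Cursor>::iterator> index_;
};

// Cycle the two statement shapes from the post. With bind=true the value stays out of the
// text (bound at execute time); with bind=false it is concatenated in, so every text is new.
std::size_t parses_for(int rounds, bool bind) {
    CursorCache cache(8);
    for (int i = 0; i < rounds; ++i) {
        std::string v = bind ? ":y" : std::to_string(i);
        cache.get("select ... from mytable where x=" + v);
        cache.get("select ... from mytable where x=" + v + " and z=:a");
    }
    return cache.parses();
}

int main() {
    std::cout << parses_for(100, true) << " vs " << parses_for(100, false) << " parses\n";
}
```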
