Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> variable binding in DDL statements problem

variable binding in DDL statements problem

From: dvizel <dvizel_at_gmail.com>
Date: 16 Feb 2005 12:19:40 -0800
Message-ID: <1108585180.684609.222830@l41g2000cwc.googlegroups.com> 





I would like to build dynamic SQL that generates CREATE VIEW statement;
where clause will contain user input, hence I would like to use
variable binding:



CREATE VIEW BUG_VW AS SELECT * FROM BUG WHERE BG_DETECTION_DATE=? And
BG_USER=?


The problem is Oracle doesn't allow variable binding in DDL statements;
however I still need this functionality.



Possible solutions I thought about were performing SQL injection (which
takes a lot of time, is rather buggy, not secure) or probably enter
users input into helper table using variable binding and then use this
helper table, something like:



INSERT INTO HELPER_TABLE (ID,DATE1,STRING1) values (1,?,?)



CREATE VIEW BUG_VW AS SELECT BUG.* FROM BUG b,HELPER_TABLE h WHERE
BG_DETECTION_DATE=h.DATE1 And BG_USER=h.STRING1 AND h.id=1



 Is it possible there is some more elegant way to workaround this
problem?



   Thanks for your help,


        Dima
Received on Wed Feb 16 2005 - 14:19:40 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US