Re: Dynamic SQL Method 4 : Avoid Re-parsing?

DA Morgan wrote:
> nsmith22 wrote:
> > Well im sorry, but you are wrong.
> >
> > Jim Kennedy wrote:
>
> >>>> What is the business need? Your description sounds very open to sql
> >>>> injection. Why do you need total dynamic sql?
> >>>> Jim
> >> You have a poor design.
> >>
> >> Jim
>
> Not only is Jim not wrong but you should not top post.
>
> Please scroll to the bottom to reply.
> --
> Daniel A. Morgan
> University of Washington
> damorgan_at_x.washington.edu
> (replace x with u to respond)
> Puget Sound Oracle Users Group
> www.psoug.org

I found from another source that by using OCI, I can make sure that I do not re-parse my completely dynamic queries, whereas in Pro*C it is not possible.

For those two who replied, I suggest that for the topics that others create, you either attempt to answer the question, give reason why the question is due to a problem, or just not respond at all.

As for the statement that using completely dynamic SQL is poor design and can be avoided, consider any application that cannot possibly know the tables it is selecting from, nor can it know the conditions or logical structure of those conditions. It cannot be avoided. Its not to say that validation is not done on the tables/columns being selected from (by a database ACL for example), but that ACL is also not known at compile time either. If you have a sensible argument against this, then please explain it rather than saying 'thats poor design' and 'yeah, the guy above is right'. Received on Mon Oct 16 2006 - 18:02:08 CDT