Execute Immediate in Oracle 10g

Hi, I have a small doubt regarding execute immediate.
As per my knowledge, we use execute immediate for writing DDL (create, truncate, ...) statements to execute in a procedure or function.
But I have seen in my organization that some of the senior people (who have already left the organization) used to write inserts, updates and deletes in execute immediate as well, even where there is not much dynamic logic involved.
But as per my knowledge, execute immediate can be badly used by most hackers with SQL injection, I guess!
Is there any reason that they use execute immediate instead of writing the code directly? Or is there any advantage in writing like this?

Using execute immediate to create tables and other DDL is fundamentally undesirable, and should be avoided at all cost.
The use of execute immediate you seem to outline should be avoided too. Apparently those seniors were unaware of the goal of PL/SQL and the disadvantage of execute immediate.
If I could vote to remove execute immediate from PL/SQL, I would be immediately in favor, especially in packages, procedures and functions, as they are stored, which means pre-compiled.
Sybrand Bakker
Senior Oracle DBA
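
The contrast discussed in this thread, as an added example that is not part of the original posts: the same insert written with concatenated dynamic SQL, as static SQL, and as dynamic SQL restricted to the one part that cannot be bound (the table name). The tables emp_bonus and emp_bonus_archive and all procedure names are hypothetical; DBMS_ASSERT is the Oracle-supplied package.

```sql
-- Constructed schema for illustration (hypothetical names).
CREATE TABLE emp_bonus         (emp_name VARCHAR2(50), amount NUMBER);
CREATE TABLE emp_bonus_archive (emp_name VARCHAR2(50), amount NUMBER);

-- 1) The pattern from the question: plain DML built by concatenation.
--    The caller's text becomes part of the statement, so a quote
--    character in p_name changes the SQL that gets parsed, and every
--    distinct value is a new statement text for the shared pool.
CREATE OR REPLACE PROCEDURE add_bonus_concat (
  p_name   IN VARCHAR2,
  p_amount IN NUMBER
) AS
BEGIN
  EXECUTE IMMEDIATE
    'INSERT INTO emp_bonus (emp_name, amount) VALUES ('''
    || p_name || ''', ' || p_amount || ')';
END;
/

-- 2) Static SQL: checked when the procedure is compiled, and PL/SQL
--    binds p_name and p_amount automatically, so they are only data.
CREATE OR REPLACE PROCEDURE add_bonus_static (
  p_name   IN VARCHAR2,
  p_amount IN NUMBER
) AS
BEGIN
  INSERT INTO emp_bonus (emp_name, amount) VALUES (p_name, p_amount);
END;
/

-- 3) Dynamic SQL only where it is unavoidable: the target table is
--    chosen at run time. Identifiers cannot be bound, so the name is
--    checked against an allow-list and DBMS_ASSERT; values are bound.
CREATE OR REPLACE PROCEDURE add_bonus_dynamic (
  p_table  IN VARCHAR2,
  p_name   IN VARCHAR2,
  p_amount IN NUMBER
) AS
  l_table VARCHAR2(30);
BEGIN
  -- Allow-list: only tables this procedure is meant to write to.
  -- The NULL test is explicit because NULL NOT IN (...) is not TRUE.
  IF p_table IS NULL
     OR UPPER(p_table) NOT IN ('EMP_BONUS', 'EMP_BONUS_ARCHIVE') THEN
    RAISE_APPLICATION_ERROR(-20001, 'table not permitted');
  END IF;

  -- Second check: raises an exception unless the value is a single
  -- simple SQL identifier.
  l_table := DBMS_ASSERT.SIMPLE_SQL_NAME(p_table);

  EXECUTE IMMEDIATE
    'INSERT INTO ' || l_table || ' (emp_name, amount) VALUES (:n, :a)'
    USING p_name, p_amount;
END;
/
```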

Similar Messages

  • How to create a single executable file in oracle 10g

    Hi all,
    I am a fairly new user of Oracle. I would like to know if there is any way that I can compile both the database and forms that I have created, using the Oracle 10g developer suite, into a single executable file and be able to install it on another system without installing the development environment?
    Can anyone please help?
    Thanks in advance

    Hi there
    The forum software was upgraded a few months back and many links to older content were lost.
    There are possibly a few different things you need to do. First, click Project > Skin > Borders tab and DE-select the "Show Borders" check box. That will eliminate the _skin.SWF from the mix. If you have full motion clips you may need to take other steps.
    Also note that while turning off the borders eliminates the _skin.SWF, it also has the side effect of coaxing the playback controls up onto the main part of the presentation. If you don't like this, you need to resize the movie to make room for the playback controls to be placed into its own area.
    Cheers... Rick

  • Error on converting EXECUTE IMMEDIATE from oracle to SQL

    Hi,
    I am converting a db from Oracle to SQL using SSMA.
    I get the following error while converting the schema.
    This is the statement on the source side (Oracle) which gives the error below: EXECUTE IMMEDIATE sqlStat INTO objects_count;
             *   SSMA error messages:
             *   O2SS0013: EXECUTE IMMEDIATE statement was converted into EXEC(...) statement, but dynamic string was not converted. It must be converted manually.
             EXECUTE (@sqlStat)
    Another issue is that I get the warning below when converting this from Oracle to SQL: temHEX NUMBER;
             *   SSMA warning messages:
             *   O2SS0356: Conversion from NUMBER datatype can cause data loss.
    It is converting to this in SQL - @temHEX float(53), 
    Please suggest.
    Thanks.

    Hi,
    I faced the same error again.
    Below is the EXECUTE IMMEDIATE statement. Please help.
                               *   SSMA error messages:
                               *   O2SS0013: EXECUTE IMMEDIATE statement was converted into EXEC(...) statement, but dynamic string was not converted. It must be converted manually.
                               EXECUTE (
                                  'insert into Table1 (C_REPORTNAME,C_REPORTCODE,C_DATE,C_WEEK,C_MONTH,C_YEAR,'
                                   + 
                                  ISNULL(@sColumnNames, '')
                                   + 
                                  ') values ('''
                                   + 
                                  ISNULL(@sReportName, '')
                                   + 
                                   + 
                                  ISNULL(@sReportCode, '')
                                   + 
                                   + 
                                  ISNULL(CAST(@dInputDate AS nvarchar(max)), '')
                                   + 
                                   + 
                                  ISNULL(@sWeekNumber, '')
                                   + 
                                   + 
                                  ISNULL(@sMonth, '')
                                   + 
                                   + 
                                  ISNULL(@sYear, '')
                                   + 
                                   + 
                                  ISNULL(@sName, '')
                                   + 
                                   + 
                                  ISNULL(@sDescription, '')
                                   + 
                                   + 
                                  ISNULL(CAST(@nFail_Count AS nvarchar(max)), '')
                                   + 
                                   + 
                                  ISNULL(CAST(@nPass_Count AS nvarchar(max)), '')
                                   + 
                                   + 
                                  ISNULL(CAST(@nPassing_Fraction AS nvarchar(max)), '')
                                   + 
                                   + 
                                  ISNULL(@sEnabled, '')
                                   + 

  • Getting error "Column is not indexed " when executing query on ORACLE 10g

    Hi all,
    When executing the query below I'm getting the error "ORA-20000:Column is not indexed"
    query:
    select xmlelement("nexml:result",xmlattributes('http://namespaces.nextance.com/nex/xml' as "xmlns:nexml"),xmlelement("nexml:value",count(*))).getClobVal()
    from "permission"
    where ( ((contains(object_value,'(searchDocument) inpath(/permission/action)') > 0)) and ((existsNode(object_value,'/permission[resource/resourcekey/@type[. = "document"]]') = 1)) and ((contains(object_value,'(GeneralUser) inpath(/permission/principal/@name)') > 0)) and ((existsNode(object_value,'/permission[principal/@type[. = "group"]]') = 1)) and ((existsNode(object_value,'/permission[type[. = "allow"]]') = 1)) and ((contains(object_value,'(nexip) inpath(/permission/resource/resourcekey/field/@value)') > 0) or (contains(object_value,'(Corporate) inpath(/permission/resource/resourcekey/field/@value)') > 0) or (contains(object_value,'(ProcurementAgreement) inpath(/permission/resource/resourcekey/field/@value)') > 0) or (contains(object_value,'(Procurement) inpath(/permission/resource/resourcekey/field/@value)') > 0) or (contains(object_value,'(SalesAgreement) inpath(/permission/resource/resourcekey/field/@value)') > 0)) )
    Then, after checking some forums, I replaced "contains" with "ora:contains" and executed the query. Now I'm not getting the first error but got a new error, "invalid relational operator".
    So please help me in resolving the errors.
    Thanks in advance.

    Anil kumar wrote:
    Hi,
    Thanks for your reply. Could you please explain your solution in detail?
    Hi,
    I just have a try...
    create table t (id int,my_lob clob);
    begin
    insert into t values(101,'Oracle redwood shores USA');
    insert into t values (102,'HP palo alto USA');
    insert into t values(103,'Capgemini  FRANCE');
    end;
    /
    create index my_idx on t(my_lob) indextype is ctxsys.context;
    select *
    from t
    where contains(my_lob,'USA',1)>0;
    Output
    ID      MY_LOB
    101     Oracle redwood shores USA
    102     HP palo alto USA
    Hope it helps,
    CKLP

  • Using EXECUTE IMMEDIATE with Create Table SQL Statement not working

    Hi ,
    I have been given all the privileges from the SYSTEM user, but I am still not able to create a table in a procedure. Please see these and advise.
    create or replace procedure sp_dummy as
    begin
    Execute Immediate 'Create table Dummy99_99 (Dummy_Field number)';
    end;
    I even tried it this way as well:
    create or replace PROCEDURE clearing_Practise(p_file_id in varchar2, p_country in VARCHAR2,p_mapId in VARCHAR2)
    AUTHID CURRENT_USER AS
    strStatusCode VARCHAR2(6);
    BEGIN
    EXECUTE IMMEDIATE 'create table bonus(name varchar2(50))';
    commit;
    EXCEPTION
    WHEN OTHERS THEN
    dbms_output.put_line('ERROR Creating Table');
    END ;

    William Robertson wrote:
    Since the syntax is correct, my guess is you do not have CREATE TABLE system privilege granted directly to your account. A common scenario is that you have this privilege granted indirectly via a role, allowing you to create tables on the command line, but stored PL/SQL is stricter and requires a direct grant and therefore the procedure fails with 'insufficient privileges'.
    A bit like he's already been told on his first thread...
    Using of Execute Immediate in Oracle PLSQL
    Generally you would not create tables from stored PL/SQL. Also as you have found out, it's best not to hide exceptions with 'WHEN OTHERS THEN [some message which gives less detail than the one generated by Oracle]'.
    Again like he was told on the other thread.
    There's just no telling some people eh! :)

  • SQL SSRS 2008 DateTime Calendar Control and Oracle 10g Data Source

    Hello. I am creating reports in SSRS 2008 using the calendar control for a date range. Let's say we select a start date of 3/3/2012. This parameter is sent into my SQL statement in the WHERE clause which is executed against an Oracle 10g database. All syntax has to be in SQL that Oracle understands, so no CONVERT or CAST.
    The format of the date is throwing an error "ORA-01843: not a valid month" when I try to use the following:
    SELECT *
    FROM TABLE
    WHERE STARTDATE >= TO_DATE('3/03/2012', 'MM/DD/YYYY')
    I get ORA-01722: invalid number when I try the following:
    SELECT *
    FROM TABLE
    WHERE STARTDATE >= TO_CHAR('3/03/2012', 'MM/DD/YYYY')
    I cannot find a way to format the date parameter in SQL Server SSRS before it gets to the SQL to be executed in Oracle.
    Please help.
    Thanks,
    Sunny

    920616 wrote:
    sb92075: I am showing you how Oracle renders the date if I do a simple select from the table from which I am trying to pull data. You are right, it sure doesn't prove anything other than how the date looks right out of the Oracle database, but hopefully, it will give a clue as to how I need my SSRS date parameter to work.
    Hans Forbrich:
    I get ORA-01722: invalid number when I try the following:
    SELECT *
    FROM TABLE
    WHERE STARTDATE >= TO_CHAR('3/03/2012', 'MM/DD/YYYY')
    Solomon:
    It works. The problem is getting the parameter '3/3/2012' into a usable format for Oracle.
    Let's assume an application is sending in '3/3/2012' which will be used in an Oracle query (no PL/SQL allowed, nor can I create functions, stored procedures, etc - only straight up SQL). How can I prepare the parameter to successfully do the compare on the Oracle Date field?
    12:50:23 SQL> select TO_CHAR('03/03/2012', 'MM/DD/YYYY') from dual;
    select TO_CHAR('03/03/2012', 'MM/DD/YYYY') from dual
    ERROR at line 1:
    ORA-01722: invalid number
    12:51:00 SQL> ed
    Wrote file afiedt.buf
      1* select TO_DATE('03/03/2012', 'MM/DD/YYYY') from dual
    12:51:20 SQL> /
    TO_DATE('03/03/2012
    2012-03-03 00:00:00

  • Execute immediate in reports

    Greetings,
    How is it possible to do it in the following query?
    DECLARE
    temp VARCHAR2(170);
    temp2 VARCHAR2(50);
    query1 VARCHAR2(50);
    BEGIN
    query1:='Table1';
    temp:='Select distinct amount from '||query1||' where amount= '||'30';
    EXECUTE IMMEDIATE temp INTO temp2;
    Dbms_Output.put_line(temp2);
    END;
    Thanks

    Hi,
    Execute immediate in oracle reports:
    http://oracleapps4u.blogspot.com/2011/03/execute-immediate-in-oracle-reports.html

  • Error while insert data using execute immediate in dynamic table in oracle

    Error while insert data using execute immediate in dynamic table created in oracle 11g .
    first the dynamic nested table (op_sample) was created using the executed immediate...
    object is
    CREATE OR REPLACE TYPE ASI.sub_mark AS OBJECT (
    mark1 number,
    mark2 number
    );
    /
    t_sub_mark is a class of type sub_mark
    CREATE OR REPLACE TYPE ASI.t_sub_mark is table of sub_mark;
    /
    create table sam1(id number,name varchar2(30));
    nested table is created below:
    begin
    EXECUTE IMMEDIATE ' create table '||op_sample||'
    (id number,name varchar2(30),subject_obj t_sub_mark) nested table subject_obj store as nest_tab return as value';
    end;
    now data from sam1 table and object (subject_obj) are inserted into the dynamic table
    declare
    subject_obj t_sub_mark;
    begin
    subject_obj:= t_sub_mark();
    EXECUTE IMMEDIATE 'insert into op_sample (select id,name,subject_obj from sam1) ';
    end;
    and got the below error:
    ORA-00904: "SUBJECT_OBJ": invalid identifier
    ORA-06512: at line 7
    then when we tried to insert the data into the dynam_table with the subject_marks object as null,we received the following error..
    execute immediate 'insert into '||dynam_table ||'
    (SELECT

    887684 wrote:
    ORA-00904: "SUBJECT_OBJ": invalid identifier
    ORA-06512: at line 7
    The problem is that your variable subject_obj is not in scope inside the dynamic SQL you are building. The SQL engine does not know your PL/SQL variable, so it tries to find a column named SUBJECT_OBJ in your SAM1 table.
    If you need to use dynamic SQL for this, then you must bind the variable. Something like this:
    EXECUTE IMMEDIATE 'insert into op_sample (select id,name,:bind_subject_obj from sam1) ' USING subject_obj;
    Alternatively you might figure out to use static SQL rather than dynamic SQL (if possible for your project.) In static SQL the PL/SQL engine binds the variables for you automatically.

  • Error executing a package on Oracle 10G database

    Hi,
    I have a package on an Oracle 10G database which accepts an xml string as input, loads it into XMLDOM and does some processing.
    When I execute this package from a .Net 2.0 client, I get the following error:
    **Error**
    err ORA-31011: XML parsing failed
    ORA-19202: Error occurred in XML processing
    LPX-00216: invalid character 0 (0x0)
    Error at line 1
    **Error**
    But when I execute the same package from .Net client 2.0 on an Oracle 9i database, it seems to work fine. The xml which I am sending is a well-formed one.
    Where am I going wrong?
    Please help.
    Thanks in advance...!
    Regards,
    Amit

    Check the xml strings passed as input . One of the xmls may be malformed.

  • Executing Procedure in SQL SERVER and Storing the results in Oracle 10g

    Hello,
    I am trying to execute a SQL SERVER procedure from Oracle 10g and store the results in an Oracle table. When I tried executing the procedure I got errors.
    I am using Oracle Heterogeneous Services.
    Steps I followed:
    1. Created ODBC DSN on Oracle Server connecting to SQL SERVER database.
    2. Created Listener entry and TNSNAMES entries.
    3. Created Database link and able to select the data from the SQL SERVER tables.
    Here is the code I tried to execute the procedure.
    BEGIN
    "META"."extract"@abc;
    END;
    "META"."extract"@abc;
    ERROR at line 2:
    ORA-06550: line 2, column 1:
    PLS-00201: identifier 'META.extract@ABC' must be declared
    ORA-06550: line 2, column 1:
    PL/SQL: Statement ignored
    Please help me.
    Thank You,
    Seshadri Thope

    Hi thopevs,
    Can you please tell me the right syntax of calling procedures(on sql server) from oracle?
    I am getting following error:
    SQL> execute "GetdateSys"@oratosql;
    begin "GetdateSys"@oratosql; end;
    ORA-06550: line 2, column 7:
    PLS-00201: identifier 'GetdateSys@ORATOSQL' must be declared
    ORA-06550: line 2, column 7:
    PL/SQL: Statement ignored
    SQL>
    Your help will be highly appreciated.
    Thanks & Regards,
    M.U.N.A

  • How To Execute an Oracle 10g SProc using VS 2005, for Reporting Services

    Good day! :-)
    Anybody who knows the syntax for executing an Oracle Stored Proc thru ODBC connection using VS 2005 for Reporting Services? I am having a problem about this.
    I am using the ODBC connection because VS 2005 does not support Oracle Database 10g in its Oracle Database Connection feature (only 7.3, 8i, and 9i), that's why.
    While using MS SQL Server 2000, I never encountered any problem. But using Oracle Database 10g, I find it hard to call the stored procedures; an error is generated every time.
    Please click the link below for the screenshots:
    http://www.geocities.com/vrcode2/oraError.JPG
    http://www.geocities.com/vrcode2/storedProc.JPG
    Please help...thank you so much.
    Francis

    I'll give you updates about the use of the MS SQL Server Reporting Services with VS 2005 and Oracle; this might be helpful for those who will encounter this same situation in the future.
    I have discovered that if you're going to connect thru ODBC, even if the connection is successful, the user is still prompted to input a password, which should not be the case when using the Reporting Services. Another thing to take note of is the issue about REF CURSOR; we're going to have problems with this. And also the syntax on how you're going to call the stored procedures (with or without input parameters).
    With modifications made through Oracle Net Manager, and I tried AGAIN connecting through the "Oracle (client)" feature of VS 2005 (even if the list only includes Oracle 7.3, 8i, and 9i that are supported) with some changes also, you'd still be able to generate correct data with that solution. If the configuration is correct, you just need to call the stored procedure (with or without input parameter); you won't have any problems about the correct syntax.
    I suppose VS 2005 was released earlier than Oracle 10g, that's why 10g wasn't included. If ever you'd encounter the same situation as mine, and you need the details on how to connect, do not hesitate to ask me.

  • Executing Pro*C/C++ generate code in Oracle 10g Express

    Hi,
    I had developed my application using Pro*C/C++ in Oracle 10g Enterprise Edition Release 2 to generate the code to execute my SQL statements from the application program.
    Problem 1:
    Now, as I am trying to migrate my database to the Oracle 10g Express edition, my application failed to recompile as I'm unable to find the orasql10.lib and header files.
    Question 1:
    I would like to enquire if Oracle 10g express supports Pro*C/C++ and can the code generated in Oracle 10g Enterprise Edition be executed in Oracle 10g Express?
    Problem 2:
    I tried to copy the orasql10.lib and header files from Oracle 10g Enterprise Edition to Oracle 10g Express. The application is able to compile successfully, but it's unable to execute, as a "no symbol loaded" error message occurred when the application was trying to load the Oracle dll files.
    Question 2:
    Is there any work around to solve this problem?
    Thanks.
    Regards,
    Wee Teck

    Wee Teck,
    I wouldn't go about copying files between Oracle installations, it's definitely not supported.
    In theory you should be able to compile your Pro*C/C++ app in another Oracle home and run the resulting app against an XE instance.
    Cheers,
    Colin

  • Function not executing in oracle 10g

    Hi ALL,
    I have a problem executing the function below in Oracle 10g.
    Please do help me solve the problem, it would be a great help.
    Thanks in advance.
    Here is the function and the error I am getting:
    create or replace FUNCTION UnpackArray
    (
    Source IN VARCHAR2 DEFAULT NULL,
    Delimiter IN CHAR DEFAULT ','
    )
    RETURN reSourceArray0 PIPELINED
    IS
    SourceArray00 SourceArray0:=SourceArray0(NULL);
    TYPE REFCURSOR IS REF CURSOR;
    CURSOR0 REFCURSOR;
    DelLen int;
    Pos int;
    Cnt int;
    str int;
    LEN int;
    Holder VARCHAR2(220);
    BEGIN
    --Check for NULL
    IF Source is null or Delimiter is null THEN
    Return;
    END IF;
    --Check for at least one entry
    IF RTRIM(LTRIM(Source)) = '' THEN
    Return;
    END IF;
    /*Get the length of the delimiter*/
    SELECT LENGTH(RTRIM(Delimiter)) INTO DelLen FROM DUAL;
    SELECT INSTR(UPPER(Source), UPPER(Delimiter)) INTO Pos FROM DUAL;
    --Only one entry was found
    IF Pos = 0 THEN
    BEGIN
    INSERT INTO UnpackArray_TBL
    ( Data )
    VALUES ( Source );
    return;
    OPEN CURSOR0 FOR SELECT * FROM UnpackArray_TBL;
    END;
    END IF;
    /*More than one entry was found - loop to get all of them*/
    SELECT 1 INTO str FROM DUAL;
    << LABEL4 >>
    WHILE Pos > 0
    LOOP
    BEGIN
    /*Set current entry*/
    SELECT Pos - str INTO len FROM DUAL;
    SELECT SUBSTR(Source, str, len) INTO Holder FROM DUAL;
    /* Update array and counter*/
    /* Update array and counter*/
    INSERT INTO UnpackArray_TBL
    VALUES ( Holder );
    /*Set the new starting position*/
    SELECT Pos + DelLen INTO str FROM DUAL;
    SELECT INSTR(UPPER(Source), UPPER(Delimiter), str) INTO Pos FROM DUAL;
    OPEN CURSOR0 FOR SELECT * FROM UnpackArray_TBL;
    END;
    END LOOP;
    /*Set last entry*/
    SELECT SUBSTR(Source, str, length(RTRIM(Source))) INTO Holder FROM DUAL;
    -- Update array and counter if necessary
    IF length(RTRIM(Holder)) > 0 THEN
    INSERT INTO UnpackArray_TBL
    VALUES ( Holder );
    OPEN CURSOR0 FOR SELECT * FROM UnpackArray_TBL;
    END IF;
    --Return the number of entries found
    Return; LOOP
    FETCH CURSOR0 INTO
    SourceArray00.Data;
    EXIT WHEN CURSOR0%NOTFOUND;
    PIPE ROW(SourceArray00);
    END LOOP;
    CLOSE CURSOR0;
    RETURN;
    END;
    Error is : Compilation failed,line 6 (12:13:25)
    PLS-00201: identifier 'RESOURCEARRAY0' must be declared
    Compilation failed,line 0 (12:13:25)
    PL/SQL: Compilation unit analysis terminated

    user11917384 wrote:
    Error is : Compilation failed,line 6 (12:13:25)
    PLS-00201: identifier 'RESOURCEARRAY0' must be declared
    Compilation failed,line 0 (12:13:25)
    PL/SQL: Compilation unit analysis terminated
    Have you created a sql user defined type with name RESOURCEARRAY0...??
    Ravi Kumar

  • Cannot execute autocheck DISPLAY variable not set Oracle 10g Solaris 10

    Hello! I am a total Solaris newbie. I am trying to install Oracle 10g on Solaris 10, but when I run the runInstaller, the following error appears:
    Could not execute auto check for display colors using command /usr/openwin/bin/xdpyinfo. Check if the DISPLAY variable is set. Failed <<<<
    I have set the display parameters in the oracle user via the command
    $ export DISPLAY=joey-solaris:0.0
    The SUNWxwplt is installed.
    How do I resolve this?
    Thanks

    4joey1 wrote:
    xclock can run as root user but not as oracle user
    by doing
    $ export DISPLAY=joey-solaris:0.0
    I think its similar to
    $ DISPLAY=workstation_name:0.0
    $ export DISPLAY
    as shown from your reference http://download.oracle.com/docs/cd/B19306_01/install.102/b15697/app_ts.htm#sthref1226 but still the error appears.
    Thanks.
    Assuming you are connecting to the solaris box from your workstation via telnet or ssh ...
    Do you have an x-server (such as Exceed or xming) running on your workstation?
    Did you set DISPLAY to the ip of your workstation, not the solaris server?
    DISPLAY is redirecting "x" output to the specified location (your workstation), and there needs to be an x-server running at that location.

  • See the detalis of DDL commands executing on oracle 10g

    Hi,
    How can I see the details of DDL commands executed on Oracle 10g on ECC 6.0?
    ECC 6.0
    HPUX
    Regards,

    Did you activate the auditing mechanism on Oracle? If it is active, you can query the audit table:
    select * from sys.aud$;
    Another way is using Oracle Log Miner. You can find the related information at the link below:
    http://docs.oracle.com/cd/B10501_01/server.920/a96521/logminer.htm
    Best regards,
    Orkun Gedik
