Hi,
Please, I am trying to use the dbms_assert package in a SQL statement and I want to understand exactly how dbms_assert protects against SQL injection?
Thanks.
The dbms_assert package is used in databases that don’t employ bind variables to help prevent SQL injection attacks, by “sanitizing” the SQL.
It has several procedures inside, e.g.:
And this is a simple example of using (dbms_assert.simple_sql_name):
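[code]CREATE OR REPLACE PROCEDURE oraask_test (tbl_name VARCHAR2, col_name VARCHAR2)
IS
  qry VARCHAR2 (500);
BEGIN
  -- DDL statements cannot take bind variables, so both identifiers are
  -- validated with simple_sql_name before being concatenated.
  qry := 'ALTER TABLE ' || dbms_assert.simple_sql_name (tbl_name)
         || ' ADD ' || dbms_assert.simple_sql_name (col_name) || ' CHAR (1)';
  EXECUTE IMMEDIATE qry;
END oraask_test;[/code]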
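
The check described in the answer above, as an added example that is not part of the original post: an anonymous PL/SQL block that runs constructed inputs through `DBMS_ASSERT.SIMPLE_SQL_NAME` and only builds the DDL text for the ones that pass. The input values and the variable names are assumptions made for illustration; the statement is printed, not executed.

```sql
SET SERVEROUTPUT ON
DECLARE
  TYPE t_inputs IS TABLE OF VARCHAR2(100);
  -- Constructed sample values: two plausible identifiers, then two strings
  -- that try to smuggle extra SQL text into the table-name position.
  l_inputs t_inputs := t_inputs(
    'EMPLOYEES',
    'emp_2024',
    'EMPLOYEES ADD x CHAR(1); --',
    'emp'' OR ''1''=''1');
  l_table VARCHAR2(200);
  l_ddl   VARCHAR2(500);
BEGIN
  FOR i IN 1 .. l_inputs.COUNT LOOP
    BEGIN
      -- SIMPLE_SQL_NAME returns its argument when it is a legal simple
      -- identifier; otherwise it raises ORA-44003 (INVALID_SQL_NAME),
      -- so the concatenation below is never reached for hostile input.
      l_table := DBMS_ASSERT.SIMPLE_SQL_NAME(l_inputs(i));
      l_ddl   := 'ALTER TABLE ' || l_table || ' ADD note_flag CHAR (1)';
      DBMS_OUTPUT.PUT_LINE('accepted: ' || l_ddl);
    EXCEPTION
      WHEN DBMS_ASSERT.INVALID_SQL_NAME THEN
        -- Log and refuse; do not try to "repair" the value.
        DBMS_OUTPUT.PUT_LINE('rejected: [' || l_inputs(i) || ']');
    END;
  END LOOP;
END;
/
```

`SIMPLE_SQL_NAME` checks only the syntax of the identifier, not whether the object exists or whether the caller should be allowed to alter it, so privilege checks and an allow-list of permitted tables are still needed.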