The DBMS_ASSERT package provides an interface to validate properties of the input value.
See Also:
Oracle Database PL/SQL Language Reference for more information about "Avoiding SQL Injection in PL/SQL"This chapter contains the following topics:
Operational Notes
Table 26-1 DBMS_APPLICATION_INFO Package Subprograms
Subprogram | Description |
---|---|
Enquotes a string literal |
|
Encloses a name in double quotes |
|
Returns the value without any checking |
|
Verifies that the input string is a qualified SQL name |
|
Verifies that the input string is an existing schema name |
|
Verifies that the input string is a simple SQL name |
|
Verifies that the input parameter string is a qualified SQL identifier of an existing SQL object |
This function returns the value without any checking.
DBMS_ASSERT.NOOP ( str VARCHAR2 CHARACTER SET ANY_CS) RETURN VARCHAR2 CHARACTER SET str%CHARSET;
DBMS_ASSERT.NOOP ( str CLOB CHARACTER SET ANY_CS) RETURN CLOB CHARACTER SET str%CHARSET;
This function verifies that the input string is a qualified SQL name.
DBMS_ASSERT.QUALIFIED_SQL_NAME ( str VARCHAR2 CHARACTER SET ANY_CS) RETURN VARCHAR2 CHARACTER SET str%CHARSET;
A qualified SQL name <qualified name> can be expressed by the following grammar:
<local qualified name> ::= <simple name> {'.' <simple name>} <database link name> ::= <local qualified name> ['@' <connection string>] <connection string> ::= <simple name> <qualified name> ::= <local qualified name> ['@' <database link name>]
This function verifies that the input string is an existing schema name.
DBMS_ASSERT.SCHEMA_NAME ( str VARCHAR2 CHARACTER SET ANY_CS) RETURN VARCHAR2 CHARACTER SET str%CHARSET;
This function verifies that the input string is a simple SQL name.
DBMS_ASSERT.SIMPLE_SQL_NAME ( str VARCHAR2 CHARACTER SET ANY_CS) RETURN VARCHAR2 CHARACTER SET str%CHARSET;
The input value must be meet the following conditions:
The name must begin with an alphabetic character. It may contain alphanumeric characters as well as the characters _, $, and # in the second and subsequent character positions.
Quoted SQL names are also allowed.
Quoted names must be enclosed in double quotes.
Quoted names allow any characters between the quotes.
Quotes inside the name are represented by two quote characters in a row, for example, "a name with "" inside" is a valid quoted name.
The input parameter may have any number of leading and/or trailing white space characters.
The length of the name is not checked.