If they claim that there is no way to use bind variables, have them search Google for "sql injection" and make sure that their code doesn't allow it to happen. Hopefully that will convince them to start using bind variables.
-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org]
Sent: Thursday, June 03, 2004 11:38 AM
To: 'oracle-l_at_freelists.org'
Subject: RE: Database programming standards
We have the same problem here, they don't want to write sql. They claim there is no way to use bind variables in Java (we are using JBoss). I haven't had time to look into it. I would assume there is. Can someone point me to a link or forum?
Thanks,
Kathy
-----Original Message-----
From: Mercadante, Thomas F [mailto:thomas.mercadante_at_labor.state.ny.us]
Sent: Thursday, June 03, 2004 9:46 AM
To: 'oracle-l_at_freelists.org'
Subject: RE: Database programming standards
Donald,
My assumption about #2 was that they would abandon all the stored procs & packs that have been developed. That, to me, implies that they would also create Java objects to perform sql without using bind variables. My experience is that Java programmers do not want to learn about bind variables - indeed - the Java programmers I see here *barely* know how to right (sp???) decent sql. They don't have the experience or time to learn how to do it right.
Just my pessimistic view of things.
Tom Mercadante
Oracle Certified Professional
-----Original Message-----
From: Freeman, Donald [mailto:dofreeman_at_state.pa.us]
Sent: Thursday, June 03, 2004 10:37 AM
To: oracle-l_at_freelists.org
Subject: RE: Database programming standards
1 and 3 I understand. I'm missing something about number 2. If they code their application, using bind variables, why will there be a sql-reuse issue? I would expect that cursors would be shared, etc. And to be fair they haven't said they want to move all of it but I'm not sure what criteria they would use to move which functionality. I kind of expect that they will be forced to learn pl/sql.
> 1). It will cost them time and money to move all of the
> logic to their application now.
> 2). Long term, you will guarantee that response-time of the
> application will slow because of the sql-reuse issue.
> 3). It is a stupid idea to now change the implementation plan.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
Please see the official ORACLE-L FAQ: http://www.orafaq.com
To unsubscribe send email to: oracle-l-request_at_freelists.org put 'unsubscribe' in the subject line.
Received on Thu Jun 03 2004 - 11:01:00 CDT
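
Added example, not part of the original thread: the question above about bind variables in Java, shown with the standard `java.sql.PreparedStatement` API next to the string-concatenation form it replaces. The `emp` table, its rows and the default H2 in-memory URL (which needs the H2 driver on the classpath as a stand-in for the Oracle database) are assumptions, and the hostile input string is constructed.

```java
import java.sql.*;

// Added example. Table, rows and the default H2 URL are assumptions.
public class BindVariableDemo {

    // Concatenation: the value becomes part of the SQL text, so each distinct
    // value is a new statement to parse and quotes in the input become SQL syntax.
    static int countConcatenated(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM emp WHERE ename = '" + name + "'";
        try (Statement s = c.createStatement(); ResultSet rs = s.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Bind variable: the SQL text never changes, so the parsed statement can be
    // reused, and the value is sent separately and compared only as data.
    static int countBound(PreparedStatement ps, String name) throws SQLException {
        ps.setString(1, name);
        try (ResultSet rs = ps.executeQuery()) {
            rs.next();
            return rs.getInt(1);
        }
    }

    public static void main(String[] args) throws SQLException {
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo"; // assumed URL
        try (Connection c = DriverManager.getConnection(url)) {
            try (Statement s = c.createStatement()) {
                s.execute("CREATE TABLE emp (ename VARCHAR(30))");
                s.execute("INSERT INTO emp VALUES ('SMITH')");
                s.execute("INSERT INTO emp VALUES ('JONES')");
            }
            String hostile = "x' OR '1'='1"; // constructed sample input
            System.out.println("concatenated, hostile: " + countConcatenated(c, hostile));
            try (PreparedStatement ps = c.prepareStatement(
                    "SELECT COUNT(*) FROM emp WHERE ename = ?")) {
                System.out.println("bound, hostile: " + countBound(ps, hostile));
                System.out.println("bound, SMITH:   " + countBound(ps, "SMITH"));
            }
        }
    }
}
```

With the concatenated query the constructed input rewrites the WHERE clause and every row is counted; with the bound query the same string is only compared against `ename`, and one prepared statement serves both lookups.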