Oracle FAQ | Your Portal to the Oracle Knowledge Grid
Re: Dynamic sql (Usenet, c.d.o.server)
<devjnr_at_gmail.com> wrote in message
news:1156862145.027363.190850_at_b28g2000cwb.googlegroups.com...
> Why in sql server environment I ever heard BAD of dynamic sql and in
> Oracle I'm reading instead that it is cool?
>
> Only because of the bind variables way to secure from sql injection?
>
I can't comment on SQL Server, but in Oracle it is usually a bad idea to use
dynamic sql. If you are using a web application it would be preferable to
use sql statements that have bind variables.
1. More performant
2. Immune to sql injection.
Jim
Received on Tue Aug 29 2006 - 09:47:14 CDT
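
The contrast between concatenated dynamic SQL and bind variables raised in the post above, shown as an added example that is not part of the original thread. It is written as a SQL*Plus script; the table `demo_users` and the input value are constructed for illustration.

```sql
-- Constructed sample data (hypothetical table name, not from the thread).
CREATE TABLE demo_users (username VARCHAR2(30), is_admin CHAR(1));
INSERT INTO demo_users VALUES ('alice', 'N');
INSERT INTO demo_users VALUES ('bob',   'Y');
COMMIT;

SET SERVEROUTPUT ON
DECLARE
  -- Constructed untrusted input, as it might arrive from a web form.
  l_input VARCHAR2(100) := 'nobody'' OR ''1''=''1';
  l_count PLS_INTEGER;
BEGIN
  -- Concatenation: the input becomes part of the statement text, so its
  -- quote closes the string literal and the rest is parsed as SQL.
  -- Every distinct input also produces a new statement text to hard parse.
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM demo_users WHERE username = ''' || l_input || ''''
    INTO l_count;
  DBMS_OUTPUT.PUT_LINE('concatenated: ' || l_count);

  -- Bind variable: the statement text is constant and shareable, and the
  -- input is only ever compared as a value, never parsed.
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM demo_users WHERE username = :name'
    INTO l_count USING l_input;
  DBMS_OUTPUT.PUT_LINE('bound:        ' || l_count);

  -- Static SQL inside PL/SQL binds l_input automatically.
  SELECT COUNT(*) INTO l_count FROM demo_users WHERE username = l_input;
  DBMS_OUTPUT.PUT_LINE('static:       ' || l_count);
END;
/

DROP TABLE demo_users;
```

The concatenated query counts every row in the table, while the bound and static forms count only rows whose username equals the whole input string.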