Tuesday, July 30, 2013

Note: How to write SQL injection proof PL/SQL

Use constant, compile-time-fixed SQL statement text unless you cannot.
Use a SQL syntax template (with placeholders) to construct run-time-created SQL statement text.
Expose the database to clients only via a PL/SQL API. Control privileges so that the client has no direct access to the application's objects of other kinds, especially tables and views.


check/limit the variable
expose a minimal PL/SQL API
expose minimal privilege

The & syntax device denotes what we will call a value placeholder; and the && syntax device denotes what we will call a simple SQL name placeholder.
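The following is an added example (not part of the original note) that puts the rules above together: compile-time-fixed SQL where possible, a syntax template with a bind placeholder for the value and a validated simple SQL name for the identifier, an allowlist check on the variable, and a PL/SQL API exposed under minimal privilege. The schema names (app_client), table (emp) and package (emp_api) are assumed for illustration.

```plsql
-- Run as the application owner schema (assumed name: app_owner).
CREATE TABLE emp (
  empno  NUMBER        PRIMARY KEY,
  ename  VARCHAR2(30)  NOT NULL,
  sal    NUMBER(10,2)  NOT NULL
);

CREATE OR REPLACE PACKAGE emp_api AUTHID DEFINER AS
  -- 1. Compile-time-fixed SQL: the statement text is a literal in the body,
  --    so caller input can only ever be a bind value, never SQL text.
  FUNCTION sal_by_name(p_ename IN emp.ename%TYPE) RETURN emp.sal%TYPE;

  -- 2. Run-time-created SQL built from a template whose only moving parts
  --    are a bind placeholder (the "&" value placeholder of the note) and a
  --    simple SQL name (the "&&" name placeholder) checked with DBMS_ASSERT.
  FUNCTION emp_ordered(p_min_sal IN NUMBER, p_order_col IN VARCHAR2)
    RETURN SYS_REFCURSOR;
END emp_api;
/

CREATE OR REPLACE PACKAGE BODY emp_api AS

  FUNCTION sal_by_name(p_ename IN emp.ename%TYPE) RETURN emp.sal%TYPE IS
    l_sal emp.sal%TYPE;
  BEGIN
    -- Static SQL: no string concatenation is possible here.
    SELECT sal INTO l_sal FROM emp WHERE ename = p_ename;
    RETURN l_sal;
  END sal_by_name;

  FUNCTION emp_ordered(p_min_sal IN NUMBER, p_order_col IN VARCHAR2)
    RETURN SYS_REFCURSOR
  IS
    l_cur  SYS_REFCURSOR;
    l_col  VARCHAR2(30) := UPPER(TRIM(p_order_col));
    l_stmt VARCHAR2(200);
  BEGIN
    -- The injection-prone form this replaces would concatenate both inputs
    -- straight into the statement text. Instead: the value travels through a
    -- bind placeholder, and the column name (which cannot be bound) is
    -- limited to a known list and then asserted to be a simple SQL name.
    IF l_col NOT IN ('ENAME', 'SAL') THEN
      RAISE_APPLICATION_ERROR(-20001, 'unsupported sort column');
    END IF;

    l_stmt := 'SELECT empno, ename, sal FROM emp WHERE sal >= :b1 ORDER BY '
           || SYS.DBMS_ASSERT.SIMPLE_SQL_NAME(l_col);

    OPEN l_cur FOR l_stmt USING p_min_sal;   -- :b1 bound, never spliced
    RETURN l_cur;
  END emp_ordered;

END emp_api;
/

-- Minimal privilege: the client schema may call the API but never touch the
-- table directly (no SELECT/INSERT/UPDATE/DELETE on emp is granted to it).
GRANT EXECUTE ON emp_api TO app_client;
```

Because the package is AUTHID DEFINER, it runs with the owner's rights on emp while app_client holds nothing but EXECUTE on emp_api; the allowlist on the sort column is the "check/limit the variable" step, and DBMS_ASSERT.SIMPLE_SQL_NAME is the belt-and-braces check that the identifier spliced into the template really is a plain identifier.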
