The following code detects a violation of "G-9501: Never use parameter in string expression of dynamic SQL. Use asserted local variable instead.":
```sql
create or replace procedure exec_sql(in_sql in varchar2) is
   l_sql          varchar2(1000 char) := in_sql; -- size-limited copy of the parameter
   l_sql_asserted varchar2(1000 char);
begin
   l_sql_asserted := sys.dbms_assert.noop(l_sql); -- assertion done in the body
   execute immediate l_sql_asserted;
end exec_sql;
/
```
It works when rewritten this way:
```sql
create or replace procedure exec_sql(in_sql in varchar2) is
   l_sql varchar2(1000 char) := sys.dbms_assert.noop(in_sql); -- assertion done in the declaration
begin
   execute immediate l_sql;
end exec_sql;
/
```
However, this detects a "G-2160: Avoid initializing variables using functions in the declaration section.", which is correct.
The assignment in the declare section honors guideline "G-8310: Always validate input parameter size by assigning the parameter to a size limited variable in the declaration section of program unit."
This issue is related to #55.
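The following is an added illustration, not code from the issue or from the project. It applies the same three-guideline pattern (size-limited copy in the declaration, assertion in the body, only the asserted variable in the dynamic SQL) with a validating `DBMS_ASSERT` function, since `noop` returns its argument without checking it. The function name `count_rows`, the variable names and the sample inputs are assumptions constructed for the example.

```sql
create or replace function count_rows(in_table_name in varchar2) return integer is
   -- G-8310: size-limited copy; an oversized argument raises ORA-06502 here
   l_table_name          varchar2(128 char) := in_table_name;
   l_table_name_asserted varchar2(128 char);
   l_count               integer;
begin
   -- G-2160: the function call sits in the body, not in the declaration section.
   -- simple_sql_name raises ORA-44003 unless the value is a simple SQL name.
   l_table_name_asserted := sys.dbms_assert.simple_sql_name(l_table_name);
   -- G-9501: only the asserted local variable is concatenated into the statement.
   execute immediate 'select count(*) from ' || l_table_name_asserted
      into l_count;
   return l_count;
end count_rows;
/

-- Constructed sample calls: one valid name, one value that is not a simple name.
set serveroutput on
begin
   sys.dbms_output.put_line('dual: ' || count_rows('dual'));
   begin
      sys.dbms_output.put_line(count_rows('dual where 1 = 0'));
   exception
      when sys.dbms_assert.invalid_sql_name then
         sys.dbms_output.put_line('rejected: not a simple SQL name');
   end;
end;
/
```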