Create a table TEST_INJ and fill it with some data:
CREATE TABLE sh.TEST_INJ (ID INT, NAME VARCHAR2(100));
INSERT INTO sh.TEST_INJ
SELECT cust_id, cust_first_name
FROM sh.customers WHERE ROWNUM < 101;
Let's see the result after executing the TEST_INJECTION2 procedure:
The procedure being called simply displays information on the screen and takes a single
string parameter. With a suitably crafted parameter value, the caller can delete data from
the database, emptying the TEST_INJ table.
In such cases, the use of bind variables would have prevented the problem described.
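Since the body of TEST_INJECTION2 is not shown here, the following added example (not taken from the book) contrasts the two ways such a procedure can build its dynamic SQL: the concatenating form, in which the parameter value becomes part of the statement text, and the bind-variable form the text recommends, in which the value is passed as data. The procedure names, the REF CURSOR layout and the final row-count check are assumptions.

```sql
-- Hypothetical procedure in the style of TEST_INJECTION2 (its real body is not on the page).
-- The parameter is spliced into the statement text, so the string the caller supplies is
-- parsed as SQL rather than treated as a value.
CREATE OR REPLACE PROCEDURE show_rows_unsafe (p_name IN VARCHAR2) IS
  TYPE t_cur IS REF CURSOR;
  c    t_cur;
  v_id sh.test_inj.id%TYPE;
  v_nm sh.test_inj.name%TYPE;
BEGIN
  OPEN c FOR 'SELECT id, name FROM sh.test_inj WHERE name = ''' || p_name || '''';
  LOOP
    FETCH c INTO v_id, v_nm;
    EXIT WHEN c%NOTFOUND;
    DBMS_OUTPUT.PUT_LINE(v_id || ' ' || v_nm);   -- needs SET SERVEROUTPUT ON in SQL*Plus
  END LOOP;
  CLOSE c;
END;
/

-- Corrected form (assumed name): the statement text is a constant and :name is a bind
-- placeholder, so p_name can only ever be compared as data, never change the statement.
CREATE OR REPLACE PROCEDURE show_rows_safe (p_name IN VARCHAR2) IS
  TYPE t_cur IS REF CURSOR;
  c    t_cur;
  v_id sh.test_inj.id%TYPE;
  v_nm sh.test_inj.name%TYPE;
BEGIN
  OPEN c FOR 'SELECT id, name FROM sh.test_inj WHERE name = :name' USING p_name;
  LOOP
    FETCH c INTO v_id, v_nm;
    EXIT WHEN c%NOTFOUND;
    DBMS_OUTPUT.PUT_LINE(v_id || ' ' || v_nm);
  END LOOP;
  CLOSE c;
END;
/

-- Ordinary call with a plain value; both procedures behave the same for this input.
BEGIN
  show_rows_safe('Abner');
END;
/

-- Integrity check: the 100 rows loaded into TEST_INJ above should still be present
-- after any call to the bind-variable version, whatever the parameter contained.
SELECT COUNT(*) AS remaining_rows FROM sh.test_inj;
```

The same pattern applies to EXECUTE IMMEDIATE: keep the statement text free of caller input and supply values through the USING clause.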