For PL/SQL, use these best practices:
Use compiled code when appropriate. When the source code of a plug-in is
embedded in its PL/SQL code attribute, it is treated as an anonymous block, and
the entire block must be compiled each time any one of the callback functions is
executed. Using compiled code (code that has been placed in a PL/SQL package, for
example) can avoid this overhead. This is especially important for plug-ins that
use a lot of PL/SQL. However, plug-in developers must keep in mind that this
technique requires additional installation steps for plug-in users. Try to design
your plug-ins in such a way that plug-in users can conveniently start using the
plug-in but can easily move to more performant code if needed.

Escape user input when appropriate. Plug-ins will often display data that is
maintained by end users. If the data is not properly escaped, the plug-in could
introduce Cross Site Scripting (XSS) vulnerabilities in an application. Using
SYS.HTF.ESCAPE_SC to escape special characters whenever working with
user-maintained data is the best way to protect against XSS. However, because this
may not always be the desired functionality, you may want to make it optional.

Use debug/logging code. Debug code can be useful to plug-in developers as well
as plug-in users when it comes to hunting down and fixing bugs. All of the
tutorials in this chapter use one of the debug procedures of the
APEX_PLUGIN_UTIL package to output some basic debug information when the
application is running in debug mode. Consider using the
APEX_DEBUG_MESSAGE package to add additional debug information where
appropriate.

Use named notation as much as possible. In PL/SQL, parameters can be passed
using positional notation, named notation, or a combination of both. While it may
not make sense to always use named notation, using it as much as possible will
help to self-document your code and possibly prevent repeated readings of the
API documentation.
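The practices above, combined in one region plug-in render function, as an added example that is not code from the original chapter. The package name demo_comment_list, the use of custom attribute 1 as the escape switch, and the single-column region source are assumptions; the callback signature is the APEX 4.x region render interface.

```plsql
-- Added example: compiled (packaged) render callback with optional escaping.
create or replace package demo_comment_list as  -- hypothetical package name
  function render (
    p_region              in apex_plugin.t_region,
    p_plugin              in apex_plugin.t_plugin,
    p_is_printer_friendly in boolean )
    return apex_plugin.t_region_render_result;
end demo_comment_list;
/
create or replace package body demo_comment_list as
  function render (
    p_region              in apex_plugin.t_region,
    p_plugin              in apex_plugin.t_plugin,
    p_is_printer_friendly in boolean )
    return apex_plugin.t_region_render_result
  is
    -- Assumption: custom attribute 1 is a Yes/No "Escape special characters"
    -- setting. Escaping is the default; only an explicit 'N' turns it off.
    l_escape boolean := nvl(p_region.attribute_01, 'Y') <> 'N';
    l_data   apex_plugin_util.t_column_value_list;
    l_result apex_plugin.t_region_render_result;
    l_value  varchar2(32767);
  begin
    -- Basic debug output, written only when the application runs in debug mode.
    apex_plugin_util.debug_region(p_plugin => p_plugin, p_region => p_region);

    -- Assumption: the region source returns one column of user-maintained text.
    l_data := apex_plugin_util.get_data(
                p_sql_statement  => p_region.source,
                p_min_columns    => 1,
                p_max_columns    => 1,
                p_component_name => p_region.name);

    sys.htp.p('<ul>');
    for i in 1 .. l_data(1).count loop
      l_value := l_data(1)(i);
      if l_escape then
        -- Converts &, <, > and " to HTML entities so stored markup is inert.
        l_value := sys.htf.escape_sc(l_value);
      end if;
      sys.htp.p('<li>' || l_value || '</li>');
    end loop;
    sys.htp.p('</ul>');
    return l_result;
  end render;
end demo_comment_list;
/
```

With the package installed, the plug-in's render function name is set to demo_comment_list.render and its PL/SQL code attribute can be left empty, which is the extra installation step the first practice mentions.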
Conclusion
In the first part of this chapter you learned about the various parts of the plug-in architecture in APEX as
well as some other tools that can help with plug-in development, such as the jQuery UI Widget Factory
and the jQuery UI CSS Framework. In the second part of the chapter you put what you learned in the
first part to use as you built four plug-ins—one of each plug-in type. Many techniques, from making web
service requests to using Ajax, were covered along the way. Finally, some “best practices” were covered
to help you create high quality plug-ins. At this point you should be armed with enough knowledge to
begin development on your own plug-ins!