Oracle® Database PL/SQL Packages and Types Reference 11g Release 1 (11.1) Part Number B28419-01 |
|
|
View PDF |
The DBMS_ASSERT package provides an interface to validate properties of the input value.
See Also:
Oracle Database PL/SQL Language Reference for more information about "Avoiding SQL Injection in PL/SQL"This chapter contains the following topics:
Operational Notes
If the condition which determines the property asserted in a function is not met then a value error is raised. Otherwise the input value is returned via return value. Most functions return the value unchanged, however, several functions modify the value.
Table 25-1 DBMS_APPLICATION_INFO Package Subprograms
Subprogram | Description |
---|---|
ENQUOTE_LITERAL Function |
Enquotes a string literal |
ENQUOTE_NAME Function |
Encloses a name in double quotes |
NOOP Functions |
Returns the value without any checking |
QUALIFIED_SQL_NAME Function |
Verifies that the input string is a qualified SQL name |
SCHEMA_NAME Function |
Verifies that the input string is an existing schema name |
SIMPLE_SQL_NAME Function |
Verifies that the input string is a simple SQL name |
SQL_OBJECT_NAME Function |
Verifies that the input parameter string is a qualified SQL identifier of an existing SQL object |
This function enquotes a string literal.
Syntax
DBMS_ASSERT.ENQUOTE_LITERAL ( str VARCHAR2) RETURN VARCHAR2;
Parameters
Usage Notes
Add leading and trailing single quotes to a string literal.
Verify that all single quotes except leading and trailing characters are paired with adjacent single quotes.
This function encloses a name in double quotes.
Syntax
DBMS_ASSERT.ENQUOTE_NAME ( str VARCHAR2, capitalize BOOLEAN DEFAULT TRUE) RETURN VARCHAR2;
Parameters
Table 25-3 ENQUOTE_NAME Function Parameters
Parameter | Description |
---|---|
str |
String to enquote |
capitalize |
If TRUE or defaulted, alphabetic characters of str which was not in quotes are translated to upper case |
This function returns the value without any checking.
Syntax
DBMS_ASSERT.NOOP ( str VARCHAR2 CHARACTER SET ANY_CS) RETURN VARCHAR2 CHARACTER SET str%CHARSET;
DBMS_ASSERT.NOOP ( str CLOB CHARACTER SET ANY_CS) RETURN CLOB CHARACTER SET str%CHARSET;
Parameters
This function verifies that the input string is a qualified SQL name.
Syntax
DBMS_ASSERT.QUALIFIED_SQL_NAME ( str VARCHAR2 CHARACTER SET ANY_CS) RETURN VARCHAR2 CHARACTER SET str%CHARSET;
Parameters
Exceptions
ORA44004
: string is not a qualified SQL name
Usage Notes
A qualified SQL name <qualified name> can be expressed by the following grammar:
<local qualified name> ::= <simple name> {'.' <simple name>} <database link name> ::= <local qualified name> ['@' <connection string>] <connection string> ::= <simple name> <qualified name> ::= <local qualified name> ['@' <database link name>]
This function verifies that the input string is an existing schema name.
Syntax
DBMS_ASSERT.SCHEMA_NAME ( str VARCHAR2 CHARACTER SET ANY_CS) RETURN VARCHAR2 CHARACTER SET str%CHARSET;
Parameters
Exceptions
ORA44001
: Invalid schema name
Usage Notes
By definition, a schema name need not be just a simple SQL name. For example, "FIRST
LAST
" is a valid schema name. As a consequence, care must be taken to quote the output of schema name before concatenating it with SQL text.
This function verifies that the input string is a simple SQL name.
Syntax
DBMS_ASSERT.SIMPLE_SQL_NAME ( str VARCHAR2 CHARACTER SET ANY_CS) RETURN VARCHAR2 CHARACTER SET str%CHARSET;
Parameters
Exceptions
ORA44003
: string is not a simple SQL name
Usage Notes
The input value must be meet the following conditions:
The name must begin with an alphabetic character. It may contain alphanumeric characters as well as the characters _, $, and # in the second and subsequent character positions.
Quoted SQL names are also allowed.
Quoted names must be enclosed in double quotes.
Quoted names allow any characters between the quotes.
Quotes inside the name are represented by two quote characters in a row, for example, "a name with "" inside" is a valid quoted name.
The input parameter may have any number of leading and/or trailing white space characters.
The length of the name is not checked.
This function verifies that the input parameter string is a qualified SQL identifier of an existing SQL object.
Syntax
DBMS_ASSERT.SQL_OBJECT_NAME ( str VARCHAR2 CHARACTER SET ANY_CS) RETURN VARCHAR2 CHARACTER SET str%CHARSET;
Parameters
Exceptions
ORA44002
: Invalid object name