PL/SQL User's Guide and Reference 10g Release 1 (10.1) Part Number B10807-01 |
|
|
View PDF |
Civilization advances by extending the number of important operations that we can perform without thinking about them. —Alfred North Whitehead
This chapter shows you how to turn sets of statements into reusable subprograms. Subprograms are like building blocks for modular, maintainable applications.
This chapter contains these topics:
Subprograms are named PL/SQL blocks that can be called with a set of parameters. PL/SQL has two types of subprograms, procedures and functions. Generally, you use a procedure to perform an action and a function to compute a value.
Like anonymous blocks, subprograms have:
A declarative part, with declarations of types, cursors, constants, variables, exceptions, and nested subprograms. These items are local and cease to exist when the subprogram ends.
An executable part, with statements that assign values, control execution, and manipulate Oracle data.
An optional exception-handling part, which deals with runtime error conditions.
Example 8-1 Simple PL/SQL Procedure
The following example shows a string-manipulation procedure that accepts both input and output parameters, and handles potential errors:
CREATE OR REPLACE PROCEDURE double ( original IN VARCHAR2, new_string OUT VARCHAR2 ) AS BEGIN new_string := original || original; EXCEPTION WHEN VALUE_ERROR THEN dbms_output.put_line('Output buffer not long enough.'); END; /
Example 8-2 Simple PL/SQL Function
The following example shows a numeric function that declares a local variable to hold temporary results, and returns a value when finished:
CREATE OR REPLACE FUNCTION square(original NUMBER) RETURN NUMBER AS original_squared NUMBER; BEGIN original_squared := original * original; RETURN original_squared; END; /
Subprograms let you extend the PL/SQL language. Procedures act like new statements. Functions act like new expressions and operators.
Subprograms let you break a program down into manageable, well-defined modules. You can use top-down design and the stepwise refinement approach to problem solving.
Subprograms promote reusability. Once tested, a subprogram can be reused in any number of applications. You can call PL/SQL subprograms from many different environments, so that you do not have to reinvent the wheel each time you use a new language or API to access the database.
Subprograms promote maintainability. You can change the internals of a subprogram without changing other subprograms that call it. Subprograms play a big part in other maintainability features, such as packages and object types.
Dummy subprograms (stubs) let you defer the definition of procedures and functions until after testing the main program. You can design applications from the top down, thinking abstractly, without worrying about implementation details.
When you use PL/SQL subprograms to define an API, you can make your code even more reusable and maintainable by grouping the subprograms into a PL/SQL package. For more information about packages, see Chapter 9, " Using PL/SQL Packages".
A procedure is a subprogram that performs a specific action. You write procedures using the SQL CREATE PROCEDURE
statement. You specify the name of the procedure, its parameters, its local variables, and the BEGIN-END
block that contains its code and handles any exceptions.
For each parameter, you specify:
Its name.
Its parameter mode (IN
, OUT
, or IN OUT
). If you omit the mode, the default is IN
. The optional NOCOPY
keyword speeds up processing of large OUT
or IN OUT
parameters.
Its datatype. You specify only the type, not any length or precision constraints.
Optionally, its default value.
You can specify whether the procedure executes using the schema and permissions of the user who defined it, or the user who calls it. For more information, see "Using Invoker's Rights Versus Definer's Rights (AUTHID Clause)".
You can specify whether it should be part of the current transaction, or execute in its own transaction where it can COMMIT
or ROLLBACK
without ending the transaction of the caller. For more information, see "Doing Independent Units of Work with Autonomous Transactions".
Procedures created this way are stored in the database. You can execute the CREATE
PROCEDURE
statement interactively from SQL*Plus, or from a program using native dynamic SQL (see Chapter 7, " Performing SQL Operations with Native Dynamic SQL").
A procedure has two parts: the specification (spec for short) and the body. The procedure spec begins with the keyword PROCEDURE
and ends with the procedure name or a parameter list. Parameter declarations are optional. Procedures that take no parameters are written without parentheses.
The procedure body begins with the keyword IS
(or AS
) and ends with the keyword END
followed by an optional procedure name. The procedure body has three parts: a declarative part, an executable part, and an optional exception-handling part.
The declarative part contains local declarations. The keyword DECLARE
is used for anonymous PL/SQL blocks, but not procedures. The executable part contains statements, which are placed between the keywords BEGIN
and EXCEPTION
(or END
). At least one statement must appear in the executable part of a procedure. You can use the NULL
statement to define a placeholder procedure or specify that the procedure does nothing. The exception-handling part contains exception handlers, which are placed between the keywords EXCEPTION
and END
.
A procedure is called as a PL/SQL statement. For example, you might call the procedure raise_salary
as follows:
raise_salary(emp_id, amount);
A function is a subprogram that computes a value. Functions and procedures are structured alike, except that functions have a RETURN
clause.
Functions have a number of optional keywords, used to declare a special class of functions known as table functions. They are typically used for transforming large amounts of data in data warehousing applications.
The CREATE
clause lets you create standalone functions, which are stored in an Oracle database. You can execute the CREATE
FUNCTION
statement interactively from SQL*Plus or from a program using native dynamic SQL.
The AUTHID
clause determines whether a stored function executes with the privileges of its owner (the default) or current user and whether its unqualified references to schema objects are resolved in the schema of the owner or current user. You can override the default behavior by specifying CURRENT_USER
.
The PARALLEL_ENABLE
option declares that a stored function can be used safely in the slave sessions of parallel DML evaluations. The state of a main (logon) session is never shared with slave sessions. Each slave session has its own state, which is initialized when the session begins. The function result should not depend on the state of session (static
) variables. Otherwise, results might vary across sessions.
The hint DETERMINISTIC
helps the optimizer avoid redundant function calls. If a stored function was called previously with the same arguments, the optimizer can elect to use the previous result. The function result should not depend on the state of session variables or schema objects. Otherwise, results might vary across calls. Only DETERMINISTIC
functions can be called from a function-based index or a materialized view that has query-rewrite enabled. For more information, see Oracle Database SQL Reference.
The pragma AUTONOMOUS_TRANSACTION
instructs the PL/SQL compiler to mark a function as autonomous (independent). Autonomous transactions let you suspend the main transaction, do SQL operations, commit or roll back those operations, then resume the main transaction.
You cannot constrain (with NOT
NULL
for example) the datatype of a parameter or a function return value. However, you can use a workaround to size-constrain them indirectly. See "Understanding PL/SQL Procedures".
Like a procedure, a function has two parts: the spec and the body. The function spec begins with the keyword FUNCTION
and ends with the RETURN
clause, which specifies the datatype of the return value. Parameter declarations are optional. Functions that take no parameters are written without parentheses.
The function body begins with the keyword IS
(or AS
) and ends with the keyword END
followed by an optional function name. The function body has three parts: a declarative part, an executable part, and an optional exception-handling part.
The declarative part contains local declarations, which are placed between the keywords IS
and BEGIN
. The keyword DECLARE
is not used. The executable part contains statements, which are placed between the keywords BEGIN
and EXCEPTION
(or END
). One or more RETURN
statements must appear in the executable part of a function. The exception-handling part contains exception handlers, which are placed between the keywords EXCEPTION
and END
.
A function is called as part of an expression:
IF sal_ok(new_sal, new_title) THEN ...
The RETURN
statement immediately ends the execution of a subprogram and returns control to the caller. Execution continues with the statement following the subprogram call. (Do not confuse the RETURN
statement with the RETURN
clause in a function spec, which specifies the datatype of the return value.)
A subprogram can contain several RETURN
statements. The subprogram does not have to conclude with a RETURN
statement. Executing any RETURN
statement completes the subprogram immediately.
In procedures, a RETURN
statement does not return a value and so cannot contain an expression. The statement returns control to the caller before the end of the procedure.
In functions, a RETURN
statement must contain an expression, which is evaluated when the RETURN
statement is executed. The resulting value is assigned to the function identifier, which acts like a variable of the type specified in the RETURN
clause. Observe how the function balance
returns the balance of a specified bank account:
FUNCTION balance (acct_id INTEGER) RETURN REAL IS acct_bal REAL; BEGIN SELECT bal INTO acct_bal FROM accts WHERE acct_no = acct_id; RETURN acct_bal; END balance; /
The following example shows that the expression in a function RETURN
statement can be arbitrarily complex:
FUNCTION compound ( years NUMBER, amount NUMBER, rate NUMBER) RETURN NUMBER IS BEGIN RETURN amount * POWER((rate / 100) + 1, years); END compound; /
In a function, there must be at least one execution path that leads to a RETURN
statement. Otherwise, you get a function returned without value error at run time.
You can declare subprograms in any PL/SQL block, subprogram, or package. The subprograms must go at the end of the declarative section, after all other items.
You must declare a subprogram before calling it. This requirement can make it difficult to declare several nested subprograms that call each other.
You can declare interrelated nested subprograms using a forward declaration: a subprogram spec terminated by a semicolon, with no body.
Although the formal parameter list appears in the forward declaration, it must also appear in the subprogram body. You can place the subprogram body anywhere after the forward declaration, but they must appear in the same program unit.
This section explains how to pass information in and out of PL/SQL subprograms using parameters:
Subprograms pass information using parameters:
The variables declared in a subprogram spec and referenced in the subprogram body are formal parameters.
The variables or expressions passed from the calling subprogram are actual parameters.
A good programming practice is to use different names for actual and formal parameters.
When you call a procedure, the actual parameters are evaluated and the results are assigned to the corresponding formal parameters. If necessary, before assigning the value of an actual parameter to a formal parameter, PL/SQL converts the datatype of the value. For example, if you pass a number when the procedure expects a string, PL/SQL converts the parameter so that the procedure receives a string.
The actual parameter and its corresponding formal parameter must have compatible datatypes. For instance, PL/SQL cannot convert between the DATE
and REAL
datatypes, or convert a string to a number if the string contains extra characters such as dollar signs.
Example 8-4 Formal Parameters and Actual Parameters
The following procedure declares two formal parameters named emp_id
and amount
:
PROCEDURE raise_salary (emp_id INTEGER, amount REAL) IS BEGIN UPDATE emp SET sal = sal + amount WHERE empno = emp_id; END raise_salary; /
This procedure call specifies the actual parameters emp_num
and amount
:
raise_salary(emp_num, amount);
Expressions can be used as actual parameters:
raise_salary(emp_num, merit + cola);
When calling a subprogram, you can write the actual parameters using either:
Positional notation. You specify the same parameters in the same order as they are declared in the procedure.
This notation is compact, but if you specify the parameters (especially literals) in the wrong order, the bug can be hard to detect. You must change your code if the procedure's parameter list changes.
Named notation. You specify the name of each parameter along with its value. An arrow (=>
) serves as the association operator. The order of the parameters is not significant.
This notation is more verbose, but makes your code easier to read and maintain. You can sometimes avoid changing your code if the procedure's parameter list changes, for example if the parameters are reordered or a new optional parameter is added. Named notation is a good practice to use for any code that calls someone else's API, or defines an API for someone else to use.
Mixed notation. You specify the first parameters with positional notation, then switch to named notation for the last parameters.
You can use this notation to call procedures that have some required parameters, followed by some optional parameters.
Example 8-5 Subprogram Calls Using Positional, Named, and Mixed Notation
DECLARE acct INTEGER := 12345; amt REAL := 500.00; PROCEDURE credit_acct (acct_no INTEGER, amount REAL) IS BEGIN NULL; END; BEGIN -- The following calls are all equivalent. credit_acct(acct, amt); -- positional credit_acct(amount => amt, acct_no => acct); -- named credit_acct(acct_no => acct, amount => amt); -- named credit_acct(acct, amount => amt); -- mixed END; /
You use parameter modes to define the behavior of formal parameters. The three parameter modes are IN
(the default), OUT
, and IN
OUT
.
Any parameter mode can be used with any subprogram. Avoid using the OUT
and IN
OUT
modes with functions. To have a function return multiple values is a poor programming practice. Also, functions should be free from side effects, which change the values of variables not local to the subprogram.
An IN
parameter lets you pass values to the subprogram being called. Inside the subprogram, an IN
parameter acts like a constant. It cannot be assigned a value.
You can pass a constant, literal, initialized variable, or expression as an IN parameter.
IN
parameters can be initialized to default values, which are used if those parameters are omitted from the subprogram call. For more information, see "Using Default Values for Subprogram Parameters".
An OUT
parameter returns a value to the caller of a subprogram. Inside the subprogram, an OUT
parameter acts like a variable. You can change its value, and reference the value after assigning it:
PROCEDURE split_name ( phrase IN VARCHAR2, first OUT VARCHAR2, last OUT VARCHAR2 ) IS first := SUBSTR(phrase, 1, INSTR(phrase, ' ')-1); last := SUBSTR(phrase, INSTR(phrase, ' ')+1); IF first = 'John' THEN DBMS_OUTPUT.PUT_LINE('That is a common first name.'); END IF; END; /
You must pass a variable, not a constant or an expression, to an OUT
parameter. Its previous value is lost unless you specify the NOCOPY
keyword (see "Using Default Values for Subprogram Parameters") or the subprogram exits with an unhandled exception.
Like variables, OUT
formal parameters are initialized to NULL
. The datatype of an OUT
formal parameter cannot be a subtype defined as NOT
NULL
, such as the built-in subtypes NATURALN
and POSITIVEN
. Otherwise, when you call the subprogram, PL/SQL raises VALUE_ERROR
.
Before exiting a subprogram, assign values to all OUT
formal parameters. Otherwise, the corresponding actual parameters will be null. If you exit successfully, PL/SQL assigns values to the actual parameters. If you exit with an unhandled exception, PL/SQL does not assign values to the actual parameters.
An IN
OUT
parameter passes initial values to a subprogram and returns updated values to the caller. It can be assigned a value and its value can be read. Typically, an IN OUT
parameter is a string buffer or numeric accumulator, that is read inside the subprogram and then updated.
The actual parameter that corresponds to an IN
OUT
formal parameter must be a variable; it cannot be a constant or an expression.
If you exit a subprogram successfully, PL/SQL assigns values to the actual parameters. If you exit with an unhandled exception, PL/SQL does not assign values to the actual parameters.
Table 8-1 summarizes all you need to know about the parameter modes.
IN | OUT | IN OUT |
---|---|---|
The default | Must be specified | Must be specified |
Passes values to a subprogram | Returns values to the caller | Passes initial values to a subprogram and returns updated values to the caller |
Formal parameter acts like a constant | Formal parameter acts like an uninitialized variable | Formal parameter acts like an initialized variable |
Formal parameter cannot be assigned a value | Formal parameter must be assigned a value | Formal parameter should be assigned a value |
Actual parameter can be a constant, initialized variable, literal, or expression | Actual parameter must be a variable | Actual parameter must be a variable |
Actual parameter is passed by reference (a pointer to the value is passed in) | Actual parameter is passed by value (a copy of the value is passed out) unless NOCOPY is specified |
Actual parameter is passed by value (a copy of the value is passed in and out) unless NOCOPY is specified |
By initializing IN
parameters to default values, you can pass different numbers of actual parameters to a subprogram, accepting the default values for any parameters you omit. You can also add new formal parameters without having to change every call to the subprogram.
Example 8-6 Procedure with Default Parameter Values
PROCEDURE create_dept ( new_dname VARCHAR2 DEFAULT 'TEMP', new_loc VARCHAR2 DEFAULT 'TEMP') IS BEGIN NULL; END; /
If a parameter is omitted, the default value of its corresponding formal parameter is used. Consider the following calls to create_dept
:
create_dept; -- Same as create_dept('TEMP','TEMP'); create_dept('SALES'); -- Same as create_dept('SALES','TEMP'); create_dept('SALES', 'NY');
You cannot skip a formal parameter by leaving out its actual parameter. To omit the first parameter and specify the second, use named notation:
create_dept(new_loc => 'NEW YORK');
You cannot assign a null to an uninitialized formal parameter by leaving out its actual parameter. You must pass the null explicitly, or you can specify a default value of NULL
in the declaration.
PL/SQL lets you overload subprogram names and type methods. You can use the same name for several different subprograms as long as their formal parameters differ in number, order, or datatype family.
Suppose you want to initialize the first n rows in two index-by tables that were declared as follows:
DECLARE TYPE DateTabTyp IS TABLE OF DATE INDEX BY BINARY_INTEGER; TYPE RealTabTyp IS TABLE OF REAL INDEX BY BINARY_INTEGER; hiredate_tab DateTabTyp; sal_tab RealTabTyp; BEGIN NULL; END; /
You might write a procedure to initialize one kind of collection:
PROCEDURE initialize (tab OUT DateTabTyp, n INTEGER) IS BEGIN FOR i IN 1..n LOOP tab(i) := SYSDATE; END LOOP; END initialize; /
You might also write a procedure to initialize another kind of collection:
PROCEDURE initialize (tab OUT RealTabTyp, n INTEGER) IS BEGIN FOR i IN 1..n LOOP tab(i) := 0.0; END LOOP; END initialize; /
Because the processing in these two procedures is the same, it is logical to give them the same name.
You can place the two overloaded initialize
procedures in the same block, subprogram, package, or object type. PL/SQL determines which procedure to call by checking their formal parameters. In the following example, the version of initialize
that PL/SQL uses depends on whether you call the procedure with a DateTabTyp
or RealTabTyp
parameter:
DECLARE TYPE DateTabTyp IS TABLE OF DATE INDEX BY BINARY_INTEGER; TYPE RealTabTyp IS TABLE OF REAL INDEX BY BINARY_INTEGER; hiredate_tab DateTabTyp; comm_tab RealTabTyp; indx BINARY_INTEGER; PROCEDURE initialize (tab OUT DateTabTyp, n INTEGER) IS BEGIN NULL; END; PROCEDURE initialize (tab OUT RealTabTyp, n INTEGER) IS BEGIN NULL; END; BEGIN indx := 50; initialize(hiredate_tab, indx); -- calls first version initialize(comm_tab, indx); -- calls second version END; /
You can overload two subprograms if their formal parameters differ only in numeric datatype. This technique might be useful in writing mathematical APIs, where several versions of a function could use the same name, each accepting a different numeric type. For example, a function accepting BINARY_FLOAT
might be faster, while a function accepting BINARY_DOUBLE
might provide more precision.
To avoid problems or unexpected results passing parameters to such overloaded subprograms:
Make sure to test that the expected version of a subprogram is called for each set of expected parameters. For example, if you have overloaded functions that accept BINARY_FLOAT
and BINARY_DOUBLE
, which is called if you pass a VARCHAR2
literal such as '5.0'?
Qualify numeric literals and use conversion functions to make clear what the intended parameter types are. For example, use literals such as 5.0f
(for BINARY_FLOAT
), 5.0d
(for BINARY_DOUBLE
), or conversion functions such as TO_BINARY_FLOAT()
, TO_BINARY_DOUBLE()
, and TO_NUMBER()
.
PL/SQL looks for matching numeric parameters starting with PLS_INTEGER
or BINARY_INTEGER
, then NUMBER
, then BINARY_FLOAT
, then BINARY_DOUBLE
. The first overloaded subprogram that matches the supplied parameters is used. A VARCHAR2
value can match a NUMBER
, BINARY_FLOAT
, or BINARY_DOUBLE
parameter.
For example, consider the SQRT
function, which takes a single parameter. There are overloaded versions that accept a NUMBER
, a BINARY_FLOAT
, or a BINARY_DOUBLE
parameter. If you pass a PLS_INTEGER
parameter, the first matching overload (using the order given in the preceding paragraph) is the one with a NUMBER
parameter, which is likely to be the slowest. To use one of the faster versions, use the TO_BINARY_FLOAT
or TO_BINARY_DOUBLE
functions to convert the parameter to the right datatype.
For another example, consider the ATAN2
function, which takes two parameters of the same type. If you pass two parameters of the same type, you can predict which overloaded version is used through the same rules as before. If you pass parameters of different types, for example one PLS_INTEGER
and one BINARY_FLOAT
, PL/SQL tries to find a match where both parameters use the "higher" type. In this case, that is the version of ATAN2
that takes two BINARY_FLOAT
parameters; the PLS_INTEGER
parameter is converted "upwards".
The preference for converting "upwards" holds in more complicated situations. For example, you might have a complex function that takes two parameters of different types. One overloaded version might take a PLS_INTEGER
and a BINARY_FLOAT
parameter. Another overloaded version might take a NUMBER
and a BINARY_DOUBLE
parameter. What happens if you call this procedure name and pass two NUMBER
parameters? PL/SQL looks "upward" first to find the overloaded version where the second parameter is BINARY_FLOAT
. Because this parameter is a closer match than the BINARY_DOUBLE
parameter in the other overload, PL/SQL then looks "downward" and converts the first NUMBER
parameter to PLS_INTEGER
.
Only local or packaged subprograms, or type methods, can be overloaded. You cannot overload standalone subprograms.
You cannot overload two subprograms if their formal parameters differ only in name or parameter mode. For example, you cannot overload the following two procedures:
DECLARE PROCEDURE reconcile (acct_no IN INTEGER) IS BEGIN NULL; END; PROCEDURE reconcile (acct_no OUT INTEGER) IS BEGIN NULL; END; /
You cannot overload subprograms whose parameters differ only in subtype. For example, you cannot overload procedures where one accepts an INTEGER
parameter and the other accepts a REAL
parameter, even though INTEGER
and REAL
are both subtypes of NUMBER
and so are in the same family.
You cannot overload two functions that differ only in the datatype of the return value, even if the types are in different families. For example, you cannot overload two functions where one returns BOOLEAN
and the other returns INTEGER
.
Figure 8-1 shows how the PL/SQL compiler resolves subprogram calls. When the compiler encounters a procedure or function call, it tries to find a declaration that matches the call. The compiler searches first in the current scope and then, if necessary, in successive enclosing scopes. The compiler looks more closely when it finds one or more subprogram declarations in which the subprogram name matches the name of the called subprogram.
To resolve a call among possibly like-named subprograms at the same level of scope, the compiler must find an exact match between the actual and formal parameters. They must match in number, order, and datatype (unless some formal parameters were assigned default values). If no match is found or if multiple matches are found, the compiler generates a semantic error.
The following example calls the enclosing procedure swap
from the function reconcile
, generating an error because neither declaration of swap
within the current scope matches the procedure call:
PROCEDURE swap (n1 NUMBER, n2 NUMBER) IS num1 NUMBER; num2 NUMBER; FUNCTION balance (...) RETURN REAL IS PROCEDURE swap (d1 DATE, d2 DATE) IS BEGIN NULL; END; PROCEDURE swap (b1 BOOLEAN, b2 BOOLEAN) IS BEGIN NULL; END; BEGIN swap(num1, num2); RETURN ... END balance; BEGIN NULL; END; /
The overloading algorithm allows substituting a subtype value for a formal parameter that is a supertype. This capability is known as substitutability. If more than one instance of an overloaded procedure matches the procedure call, the following rules apply to determine which procedure is called:
If the only difference in the signatures of the overloaded procedures is that some parameters are object types from the same supertype-subtype hierarchy, the closest match is used. The closest match is one where all the parameters are at least as close as any other overloaded instance, as determined by the depth of inheritance between the subtype and supertype, and at least one parameter is closer.
A semantic error occurs when two overloaded instances match, and some argument types are closer in one overloaded procedure to the actual arguments than in any other instance.
A semantic error also occurs if some parameters are different in their position within the object type hierarchy, and other parameters are of different datatypes so that an implicit conversion would be necessary.
For example, here we create a type hierarchy with 3 levels:
CREATE TYPE super_t AS object (n NUMBER) NOT final; CREATE OR replace TYPE sub_t under super_t (n2 NUMBER) NOT final; CREATE OR replace TYPE final_t under sub_t (n3 NUMBER);
We declare two overloaded instances of a function, where the only difference in argument types is their position in this type hierarchy:
CREATE PACKAGE p IS FUNCTION foo (arg super_t) RETURN NUMBER; FUNCTION foo (arg sub_t) RETURN NUMBER; END; / CREATE PACKAGE BODY p IS FUNCTION foo (arg super_t) RETURN NUMBER IS BEGIN RETURN 1; END; FUNCTION foo (arg sub_t) RETURN NUMBER IS BEGIN RETURN 2; END; END; /
We declare a variable of type final_t
, then call the overloaded function. The instance of the function that is executed is the one that accepts a sub_t
parameter, because that type is closer to final_t
in the hierarchy than super_t
is.
set serveroutput on declare v final_t := final_t(1,2,3); begin dbms_output.put_line(p.foo(v)); end; /
In the previous example, the choice of which instance to call is made at compile time. In the following example, this choice is made dynamically.
CREATE TYPE super_t2 AS object (n NUMBER, MEMBER FUNCTION foo RETURN NUMBER) NOT final; / CREATE TYPE BODY super_t2 AS MEMBER FUNCTION foo RETURN NUMBER IS BEGIN RETURN 1; END; END; / CREATE OR replace TYPE sub_t2 under super_t2 (n2 NUMBER, OVERRIDING MEMBER FUNCTION foo RETURN NUMBER) NOT final; / CREATE TYPE BODY sub_t2 AS OVERRIDING MEMBER FUNCTION foo RETURN NUMBER IS BEGIN RETURN 2; END; END; / CREATE OR replace TYPE final_t2 under sub_t2 (n3 NUMBER); /
We declare v
as an instance of super_t2
, but because we assign a value of sub_t2
to it, the appropriate instance of the function is called. This feature is known as dynamic dispatch.
set serveroutput on declare v super_t2 := final_t2(1,2,3); begin dbms_output.put_line(v.foo); end; /
By default, stored procedures and SQL methods execute with the privileges of their owner, not their current user. Such definer's rights subprograms are bound to the schema in which they reside, allowing you to refer to objects in the same schema without qualifying their names. For example, if schemas SCOTT
and BLAKE
both have a table called dept, a procedure owned by SCOTT
can refer to dept
rather than SCOTT.DEPT
. If user BLAKE
calls SCOTT
's procedure, the procedure still accesses the dept
table owned by SCOTT
.
If you compile the same procedure in both schemas, you can define the schema name as a variable in SQL*Plus and refer to the table like &schema..dept
. The code is portable, but if you change it, you must recompile it in each schema.
A more maintainable way is to use the AUTHID
clause, which makes stored procedures and SQL methods execute with the privileges and schema context of the calling user. You can create one instance of the procedure, and many users can call it to access their own data.
Such invoker's rights subprograms are not bound to a particular schema. The following version of procedure create_dept
executes with the privileges of the calling user and inserts rows into that user's dept
table:
CREATE PROCEDURE create_dept ( my_deptno NUMBER, my_dname VARCHAR2, my_loc VARCHAR2) AUTHID CURRENT_USER AS BEGIN INSERT INTO dept VALUES (my_deptno, my_dname, my_loc); END; /
Invoker's rights subprograms let you reuse code and centralize application logic. They are especially useful in applications that store data using identical tables in different schemas. All the schemas in one instance can call procedures owned by a central schema. You can even have schemas in different instances call centralized procedures using a database link.
Consider a company that uses a stored procedure to analyze sales. If the company has several schemas, each with a similar SALES
table, normally it would also need several copies of the stored procedure, one in each schema.
To solve the problem, the company installs an invoker's rights version of the stored procedure in a central schema. Now, all the other schemas can call the same procedure, which queries the appropriate to SALES
table in each case.
You can restrict access to sensitive data by calling from an invoker's rights subprogram to a definer's rights subprogram that queries or updates the table containing the sensitive data. Although multiple users can call the invoker's rights subprogram, they do not have direct access to the sensitive data.
To implement invoker's rights, use the AUTHID
clause, which specifies whether a subprogram executes with the privileges of its owner or its current user. It also specifies whether external references (that is, references to objects outside the subprogram) are resolved in the schema of the owner or the current user.
The AUTHID
clause is allowed only in the header of a standalone subprogram, a package spec, or an object type spec. In the CREATE FUNCTION
, CREATE PROCEDURE
, CREATE PACKAGE
, or CREATE TYPE
statement, you can include either AUTHID CURRENT_USER
or AUTHID DEFINER
immediately before the IS
or AS
keyword that begins the declaration section.
DEFINER
is the default option. In a package or object type, the AUTHID
clause applies to all subprograms.
Note: Most supplied PL/SQL packages (such as DBMS_LOB
, DBMS_PIPE
, DBMS_ROWID
, DBMS_SQL
, and UTL_REF
) are invoker's rights packages.
In a sequence of calls, whenever control is inside an invoker's rights subprogram, the current user is the session user. When a definer's rights subprogram is called, the owner of that subprogram becomes the current user. The current user might change as new subprograms are called or as subprograms exit.
To verify who the current user is at any time, you can check the USER_USERS
data dictionary view. Inside an invoker's rights subprogram, the value from this view might be different from the value of the USER
built-in function, which always returns the name of the session user.
If you specify AUTHID
CURRENT_USER
, the privileges of the current user are checked at run time, and external references are resolved in the schema of the current user. However, this applies only to external references in:
SELECT
, INSERT
, UPDATE
, and DELETE
data manipulation statements
The LOCK
TABLE
transaction control statement
OPEN
and OPEN-FOR
cursor control statements
EXECUTE
IMMEDIATE
and OPEN-FOR-USING
dynamic SQL statements
SQL statements parsed using DBMS_SQL.PARSE()
For all other statements, the privileges of the owner are checked at compile time, and external references are resolved in the schema of the owner. For example, the assignment statement below refers to the packaged function balance
. This external reference is resolved in the schema of the owner of procedure reconcile
.
CREATE PROCEDURE reconcile (acc_id IN INTEGER) AUTHID CURRENT_USER AS bal NUMBER; BEGIN bal := bank_ops.balance(acct_id); ... END; /
The PL/SQL compiler must resolve all references to tables and other objects at compile time. The owner of an invoker's rights subprogram must have objects in the same schema with the right names and columns, even if they do not contain any data. At run time, the corresponding objects in the caller's schema must have matching definitions. Otherwise, you get an error or unexpected results, such as ignoring table columns that exist in the caller's schema but not in the schema that contains the subprogram.
Occasionally, you might want an unqualified name to refer to some particular schema, not the schema of the caller. In the same schema as the invoker's rights subprogram, create a public synonym for the table, procedure, function, or other object using the CREATE
SYNONYM
statement:
CREATE PUBLIC SYNONYM emp FOR hr.employees;
When the invoker's rights subprogram refers to this name, it will match the synonym in its own schema, which resolves to the object in the specified schema. This technique does not work if the calling schema already has a schema object or private synonym with the same name. In that case, the invoker's rights subprogram must fully qualify the reference.
To call a subprogram directly, users must have the EXECUTE
privilege on that subprogram. By granting the privilege, you allow a user to:
Call the subprogram directly
Compile functions and procedures that call the subprogram
For external references resolved in the current user's schema (such as those in DML statements), the current user must have the privileges needed to access schema objects referenced by the subprogram. For all other external references (such as function calls), the owner's privileges are checked at compile time, and no run-time check is done.
A definer's rights subprogram operates under the security domain of its owner, no matter who is executing it. The owner must have the privileges needed to access schema objects referenced by the subprogram.
You can write a program consisting of multiple subprograms, some with definer's rights and others with invoker's rights. Then, you can use the EXECUTE
privilege to restrict program entry points. That way, users of an entry-point subprogram can execute the other subprograms indirectly but not directly.
Suppose user UTIL
grants the EXECUTE
privilege on subprogram FFT
to user APP
:
GRANT EXECUTE ON util.fft TO app;
Now, user APP
can compile functions and procedures that call subprogram FFT
. At run time, no privilege checks on the calls are done. As Figure 8-2 shows, user UTIL
need not grant the EXECUTE
privilege to every user who might call FFT
indirectly.
Since subprogram util.fft
is called directly only from invoker's rights subprogram app.entry
, user util
must grant the EXECUTE
privilege only to user APP
. When UTIL.FFT
is executed, its current user could be APP
, SCOTT
, or BLAKE
even though SCOTT
and BLAKE
were not granted the EXECUTE
privilege.
Figure 8-2 Indirect Calls to an Invoker's Rights Subprogram
The use of roles in a subprogram depends on whether it executes with definer's rights or invoker's rights. Within a definer's rights subprogram, all roles are disabled. Roles are not used for privilege checking, and you cannot set roles.
Within an invoker's rights subprogram, roles are enabled (unless the subprogram was called directly or indirectly by a definer's rights subprogram). Roles are used for privilege checking, and you can use native dynamic SQL to set roles for the session. However, you cannot use roles to grant privileges on template objects because roles apply at run time, not at compile time.
For invoker's rights subprograms executed within a view expression, the schema that created the view, not the schema that is querying the view, is considered to be the current user.
This rule also applies to database triggers.
You can create a database link to use invoker's rights:
CREATE DATABASE LINK link_name CONNECT TO CURRENT_USER USING connect_string;
A current-user link lets you connect to a remote database as another user, with that user's privileges. To connect, Oracle uses the username of the current user (who must be a global user). Suppose an invoker's rights subprogram owned by user BLAKE
references the database link below. If global user SCOTT
calls the subprogram, it connects to the Dallas database as user SCOTT
, who is the current user.
CREATE DATABASE LINK dallas CONNECT TO CURRENT_USER USING ...
If it were a definer's rights subprogram, the current user would be BLAKE
, and the subprogram would connect to the Dallas database as global user BLAKE
.
To define object types for use in any schema, specify the AUTHID
CURRENT_USER
clause. (For more information about object types, see Chapter 12, " Using PL/SQL Object Types".) Suppose user BLAKE
creates the following object type:
CREATE TYPE Num AUTHID CURRENT_USER AS OBJECT ( x NUMBER, STATIC PROCEDURE new_num ( n NUMBER, schema_name VARCHAR2, table_name VARCHAR2) ); / CREATE TYPE BODY Num AS STATIC PROCEDURE new_num ( n NUMBER, schema_name VARCHAR2, table_name VARCHAR2) IS sql_stmt VARCHAR2(200); BEGIN sql_stmt := 'INSERT INTO ' || schema_name || '.' || table_name || ' VALUES (blake.Num(:1))'; EXECUTE IMMEDIATE sql_stmt USING n; END; END; /
Then, user BLAKE
grants the EXECUTE
privilege on object type Num
to user SCOTT
:
GRANT EXECUTE ON Num TO scott;
Finally, user SCOTT
creates an object table to store objects of type Num
, then calls procedure new_num
to populate the table:
CONNECT scott/tiger; CREATE TABLE num_tab OF blake.Num; / BEGIN blake.Num.new_num(1001, 'scott', 'num_tab'); blake.Num.new_num(1002, 'scott', 'num_tab'); blake.Num.new_num(1003, 'scott', 'num_tab'); END; /
The calls succeed because the procedure executes with the privileges of its current user (SCOTT
), not its owner (BLAKE
).
For subtypes in an object type hierarchy, the following rules apply:
If a subtype does not explicitly specify an AUTHID
clause, it inherits the AUTHID
of its supertype.
If a subtype does specify an AUTHID
clause, its AUTHID
must match the AUTHID
of its supertype. Also, if the AUTHID
is DEFINER
, both the supertype and subtype must have been created in the same schema.
An invoker's rights instance method executes with the privileges of the invoker, not the creator of the instance. Suppose that Person
is an invoker's rights object type, and that user SCOTT
creates p1
, an object of type Person
. If user BLAKE
calls instance method change_job
to operate on object p1
, the current user of the method is BLAKE
, not SCOTT
. Consider the following example:
-- user blake creates a definer-rights procedure CREATE PROCEDURE reassign (p Person, new_job VARCHAR2) AS BEGIN -- user blake calls method change_job, so the -- method executes with the privileges of blake p.change_job(new_job); ... END; / -- user scott passes a Person object to the procedure DECLARE p1 Person; BEGIN p1 := Person(...); blake.reassign(p1, 'CLERK'); ... END; /
Recursion is a powerful technique for simplifying the design of algorithms. Basically, recursion means self-reference. In a recursive mathematical sequence, each term is derived by applying a formula to preceding terms. The Fibonacci sequence (0, 1, 1, 2, 3, 5, 8, 13, 21, ...), is an example. Each term in the sequence (after the second) is the sum of the two terms that immediately precede it.
In a recursive definition, something is defined as simpler versions of itself. Consider the definition of n factorial (n!), the product of all integers from 1 to n:
n! = n * (n - 1)!
A recursive subprogram is one that calls itself. Each recursive call creates a new instance of any items declared in the subprogram, including parameters, variables, cursors, and exceptions. Likewise, new instances of SQL statements are created at each level in the recursive descent.
Be careful where you place a recursive call. If you place it inside a cursor FOR
loop or between OPEN
and CLOSE
statements, another cursor is opened at each call, which might exceed the limit set by the Oracle initialization parameter OPEN_CURSORS
.
There must be at least two paths through a recursive subprogram: one that leads to the recursive call and one that does not. At least one path must lead to a terminating condition. Otherwise, the recursion would go on until PL/SQL runs out of memory and raises the predefined exception STORAGE_ERROR
.
Although PL/SQL is a powerful, flexible language, some tasks are more easily done in another language. Low-level languages such as C are very fast. Widely used languages such as Java have reusable libraries for common design patterns.
You can use PL/SQL call specs to invoke external subprograms written in other languages, making their capabilities and libraries available from PL/SQL.
For example, you can call Java stored procedures from any PL/SQL block, subprogram, or package. Suppose you store the following Java class in the database:
import java.sql.*; import oracle.jdbc.driver.*; public class Adjuster { public static void raiseSalary (int empNo, float percent) throws SQLException { Connection conn = new OracleDriver().defaultConnection(); String sql = "UPDATE emp SET sal = sal * ? WHERE empno = ?"; try { PreparedStatement pstmt = conn.prepareStatement(sql); pstmt.setFloat(1, (1 + percent / 100)); pstmt.setInt(2, empNo); pstmt.executeUpdate(); pstmt.close(); } catch (SQLException e) {System.err.println(e.getMessage());} } }
The class Adjuster
has one method, which raises the salary of an employee by a given percentage. Because raiseSalary
is a void
method, you publish it as a procedure using this call spec:
CREATE PROCEDURE raise_salary (empno NUMBER, pct NUMBER) AS LANGUAGE JAVA NAME 'Adjuster.raiseSalary(int, float)';
You might call procedure raise_salary
from an anonymous PL/SQL block:
DECLARE emp_id NUMBER; percent NUMBER; BEGIN -- get values for emp_id and percent raise_salary(emp_id, percent); -- call external subprogram END; /
External C subprograms are used to interface with embedded systems, solve engineering problems, analyze data, or control real-time devices and processes. External C subprograms extend the functionality of the database server, and move computation-bound programs from client to server, where they execute faster.
For more information about Java stored procedures, see Oracle Database Java Developer's Guide. For more information about external C subprograms, see Oracle Database Application Developer's Guide - Fundamentals.
PL/SQL Server Pages (PSPs) enable you to develop Web pages with dynamic content. They are an alternative to coding a stored procedure that writes out the HTML code for a web page, one line at a time.
Using special tags, you can embed PL/SQL scripts into HTML source code. The scripts are executed when the pages are requested by Web clients such as browsers. A script can accept parameters, query or update the database, then display a customized page showing the results.
During development, PSPs can act like templates with a static part for page layout and a dynamic part for content. You can design the layouts using your favorite HTML authoring tools, leaving placeholders for the dynamic content. Then, you can write the PL/SQL scripts that generate the content. When finished, you simply load the resulting PSP files into the database as stored procedures.
For more information about creating and using PSPs, see Oracle Database Application Developer's Guide - Fundamentals.
To be callable from SQL statements, a stored function (and any subprograms called by that function) must obey certain "purity" rules, which are meant to control side effects:
When called from a SELECT
statement or a parallelized INSERT
, UPDATE
, or DELETE
statement, the function cannot modify any database tables.
When called from an INSERT
, UPDATE
, or DELETE
statement, the function cannot query or modify any database tables modified by that statement.
When called from a SELECT
, INSERT
, UPDATE
, or DELETE
statement, the function cannot execute SQL transaction control statements (such as COMMIT
), session control statements (such as SET
ROLE
), or system control statements (such as ALTER
SYSTEM
). Also, it cannot execute DDL statements (such as CREATE
) because they are followed by an automatic commit.
If any SQL statement inside the function body violates a rule, you get an error at run time (when the statement is parsed).
To check for violations of the rules, you can use the pragma (compiler directive) RESTRICT_REFERENCES
. The pragma asserts that a function does not read or write database tables or package variables. For example, the following pragma asserts that packaged function credit_ok
writes no database state (WNDS
) and reads no package state (RNPS
):
CREATE PACKAGE loans AS FUNCTION credit_ok RETURN BOOLEAN; PRAGMA RESTRICT_REFERENCES (credit_ok, WNDS, RNPS); END loans; /
Note: A static INSERT
, UPDATE
, or DELETE
statement always violates WNDS
. It also violates RNDS
(reads no database state) if it reads any columns. A dynamic INSERT
, UPDATE
, or DELETE
statement always violates WNDS
and RNDS
.
For full syntax details, see "RESTRICT_REFERENCES Pragma". For more information about the purity rules, see Oracle Database Application Developer's Guide - Fundamentals.
To optimize a subprogram call, the PL/SQL compiler can choose between two methods of parameter passing. With the by-value method, the value of an actual parameter is passed to the subprogram. With the by-reference method, only a pointer to the value is passed; the actual and formal parameters reference the same item.
The NOCOPY
compiler hint increases the possibility of aliasing (that is, having two different names refer to the same memory location). This can occur when a global variable appears as an actual parameter in a subprogram call and then is referenced within the subprogram. The result is indeterminate because it depends on the method of parameter passing chosen by the compiler.
Example 8-7 Aliasing from Passing Global Variable with NOCOPY Hint
In the example below, procedure ADD_ENTRY
refers to varray LEXICON
both as a parameter and as a global variable. When ADD_ENTRY
is called, the identifiers WORD_LIST
and LEXICON
point to the same varray.
DECLARE TYPE Definition IS RECORD ( word VARCHAR2(20), meaning VARCHAR2(200)); TYPE Dictionary IS VARRAY(2000) OF Definition; lexicon Dictionary := Dictionary(); PROCEDURE add_entry (word_list IN OUT NOCOPY Dictionary) IS BEGIN word_list(1).word := 'aardvark'; lexicon(1).word := 'aardwolf'; END; BEGIN lexicon.EXTEND; add_entry(lexicon); dbms_output.put_line(lexicon(1).word); END; /
The program prints aardwolf
if the compiler obeys the NOCOPY
hint. The assignment to WORD_LIST
is done immediately through a pointer, then is overwritten by the assignment to LEXICON
.
The program prints aardvark
if the NOCOPY
hint is omitted, or if the compiler does not obey the hint. The assignment to WORD_LIST
uses an internal copy of the varray, which is copied back to the actual parameter (overwriting the contents of LEXICON
) when the procedure ends.
Example 8-8 Aliasing Passing Same Parameter Multiple Times
Aliasing can also occur when the same actual parameter appears more than once in a subprogram call. In the example below, n2
is an IN
OUT
parameter, so the value of the actual parameter is not updated until the procedure exits. That is why the first put_line
prints 10 (the initial value of n
) and the third put_line
prints 20. However, n3
is a NOCOPY
parameter, so the value of the actual parameter is updated immediately. That is why the second put_line
prints 30.
DECLARE n NUMBER := 10; PROCEDURE do_something ( n1 IN NUMBER, n2 IN OUT NUMBER, n3 IN OUT NOCOPY NUMBER) IS BEGIN n2 := 20; dbms_output.put_line(n1); -- prints 10 n3 := 30; dbms_output.put_line(n1); -- prints 30 END; BEGIN do_something(n, n, n); dbms_output.put_line(n); -- prints 20 END; /
Example 8-9 Aliasing from Assigning Cursor Variables to Same Work Area
Because they are pointers, cursor variables also increase the possibility of aliasing. In the following example, after the assignment, emp_cv2
is an alias of emp_cv1
; both point to the same query work area. The first fetch from emp_cv2
fetches the third row, not the first, because the first two rows were already fetched from emp_cv1
. The second fetch from emp_cv2
fails because emp_cv1
is closed.
PROCEDURE get_emp_data ( emp_cv1 IN OUT EmpCurTyp, emp_cv2 IN OUT EmpCurTyp) IS emp_rec employees%ROWTYPE; BEGIN OPEN emp_cv1 FOR SELECT * FROM employees; emp_cv2 := emp_cv1; FETCH emp_cv1 INTO emp_rec; -- fetches first row FETCH emp_cv1 INTO emp_rec; -- fetches second row FETCH emp_cv2 INTO emp_rec; -- fetches third row CLOSE emp_cv1; FETCH emp_cv2 INTO emp_rec; -- raises INVALID_CURSOR END; /