|Oracle® Database PL/SQL Language Reference
12c Release 1 (12.1)
|PDF · Mobi · ePub|
Caution:When using dynamic SQL, beware of SQL injection, a security risk. For more information about SQL injection, see "SQL Injection".
String literal, string variable, or string expression that represents a SQL statement. Its type must be either
SELECTstatement, and you omit both
For example, this statement never increments the sequence:
EXECUTE IMMEDIATE 'SELECT S.NEXTVAL FROM DUAL'
Specifies the variables or record in which to store the column values that the statement returns. For more information about this clause, see "RETURNING INTO Clause".
Specifies one or more collections in which to store the rows that the statement returns. For more information about this clause, see "RETURNING INTO Clause".
Returns the column values of the rows affected by the dynamic SQL statement, in either individual variables or records. For more information about this clause, see "RETURNING INTO Clause".
Specifies bind variables.
Use if and only if
dynamic_sql_stmt includes placeholders for bind variables.
dynamic_sql_stmt has a
INTO clause (
using_clause can contain only
IN bind variables. The bind variables in the
INTO clause are
OUT bind variables by definition.
Parameter modes of bind variables. An
IN bind variable passes its value to
OUT bind variable stores a value that
dynamic_sql_stmt returns. An
OUT bind variable passes its initial value to
dynamic_sql_stmt and stores a value that
dynamic_sql_stmt returns. Default:
For DML a statement with a
RETURNING clause, you can place
OUT bind variables in the
INTO clause without specifying the parameter mode, which is always
An expression whose value replaces its corresponding placeholder in
dynamic_sql_stmt at run time.
Every placeholder in
dynamic_sql_stmt must be associated with a
bind_argument in the
USING clause or
INTO clause (or both) or with a define variable in the
You can run
dynamic_sql_stmt repeatedly using different values for the bind variables. You incur some overhead, because
IMMEDIATE prepares the dynamic string before every execution.
Note:Bind variables can be evaluated in any order. If a program determines order of evaluation, then at the point where the program does so, its behavior is undefined.
bind_argument cannot be an associative array indexed by string.
bind_argument cannot be the reserved word
To pass the value
NULL to the dynamic SQL statement, use an uninitialized variable where you want to use
NULL, as in Example 7-7.