Placeholders in SQL DDL Statements

SQL DDL statements can now contain placeholders instead of hard coded values for some content. For example, placeholders may be used where a username or password are required in a CREATE USER statement. Oracle Call Interface programs can substitute values into the DDL statement placeholders before the statements are sent to Oracle Database. This is similar to data binding, but occurs in Oracle Client.

Application security is improved because values do not need to be hard coded in SQL DDL.

Details: Placeholders in SQL Statements

This page provides more detailed information about the OCIStmtPlaceholderSubstitute() function. OCIStmtPlaceholderSubstitute() substitutes placeholder strings in SQL statements. Placeholders can be specified in only those statements that cannot have bind variables. OCI placeholders are not the same as bind variables.

Related Topics