Tell Me Glossary
 

3.2 Use Static SQL

Previous previous|next Next Page

 If you do not need dynamic SQL, use static SQL, which has the following advantages:

  • Static SQL reduces SQL injection vulnerability.
  • Successful compilation creates schema object dependencies.
  • This can improve performance, when compared to DBMS_SQL.

    Note that the performance of dynamic SQL is now comparable to that of static SQL.

There are two dynamic SQL common situations, where developers often use static SQL, when it serves the purpose and is more secure:

  • Handle varying number of IN-list values in the query condition.
  • Handle the LIKE comparison operator in the query condition.
Click here for an example of using static SQL for queries with varying number of IN-list values.
Click here for an example of using static SQL for queries with LIKE comparison operators.

For more details on this topic, see:
OracleŽ Database PL/SQL Language Reference,
Using Static SQL