Prevent SQL injection in the transition from input parameter

Dear expert,

I was advised not to program that way because it could cause a SQL injection. Therefore, what is the alternative for the code below? It must be a function that returns a ref cursor. See my syntax below:

create or replace package test as
  type list_cur is ref cursor;
  function lists_needed(p_class varchar2) return list_cur;
end test;
/

create or replace package body test as
  function lists_needed(p_class varchar2) return list_cur is
    my_list_cur list_cur;
  begin
    -- static SQL: p_class is used as a bind variable
    open my_list_cur for
      select id from tbl_one t where t.id like p_class || '%';
    return my_list_cur;
  end lists_needed;
end test;
/

Any help is appreciated. Thank you.

SQL injection requires dynamic code. I don't see how it could happen in this code or the example in your other thread.
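
Added example (not part of the original thread): the same ref-cursor function written four ways, to show where the statement text can and cannot depend on p_class. The table tbl_one and column id come from the question; the package name test_demo and the function names are hypothetical.

```sql
create or replace package test_demo as
  type list_cur is ref cursor;
  function lists_static(p_class varchar2) return list_cur;
  function lists_concat(p_class varchar2) return list_cur;
  function lists_bound(p_class varchar2) return list_cur;
  function lists_literal_prefix(p_class varchar2) return list_cur;
end test_demo;
/

create or replace package body test_demo as

  -- Static SQL (the question's form). The statement is fixed at compile
  -- time and p_class is passed as a bind value, so it is always data.
  function lists_static(p_class varchar2) return list_cur is
    c list_cur;
  begin
    open c for select id from tbl_one t where t.id like p_class || '%';
    return c;
  end lists_static;

  -- Dynamic SQL built by concatenation: p_class becomes part of the
  -- statement text. This is the pattern the injection warning is about.
  function lists_concat(p_class varchar2) return list_cur is
    c list_cur;
  begin
    open c for
      'select id from tbl_one t where t.id like ''' || p_class || '%''';
    return c;
  end lists_concat;

  -- Dynamic SQL with a bind placeholder: if the statement really has to
  -- be a string, the value still travels separately through USING.
  function lists_bound(p_class varchar2) return list_cur is
    c list_cur;
  begin
    open c for
      'select id from tbl_one t where t.id like :cls || ''%''' using p_class;
    return c;
  end lists_bound;

  -- Static SQL that also treats % and _ inside p_class as literal
  -- characters, so a caller cannot widen the match with wildcards.
  function lists_literal_prefix(p_class varchar2) return list_cur is
    c list_cur;
  begin
    open c for
      select id from tbl_one t
       where t.id like replace(replace(replace(p_class, '\', '\\'),
                                       '%', '\%'), '_', '\_') || '%' escape '\';
    return c;
  end lists_literal_prefix;

end test_demo;
/
```

Binding prevents the value from changing the statement, but not from acting as a LIKE pattern; the last function covers that case.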

Tags: Database

Similar Questions

  • The transition from the bridge of one payment to another

    Hello

    We have a customer who currently treats offline credit card transactions, in that they have their payment gateway set to 'process (process manually via the existing installation) offline'.

    Now, they want to put in place a bridge of the National Australia Bank (NAB).

    Could someone provide suggestions as to how it would approach the transition from the bridge of one payment to another whereas BC only allows gateway to a payment to be selected at a time?  In other words:

    1. Is it possible that the existing offline payment gateway and the new NAB gateway can coexist so that we could go through a test phase without interrupting the continuity of the customer with the treatment of existing credit offline transactions?
    2. Or do we have to "cut" their existing sales process until the new payment gateway is fully configured and tested?

    Any comments would be much appreciated.

    Gavin

    It is not that much work to spend from OFFLINE to NAB TRANSACT

    I'm not sure, that you need to worry too much on the implementation and testing before to cut more (unless you have a really high turnover store and you want to be careful)

    Perhaps you could watch you log in to your partner portal and reproducing the SITE you want to configure on (if you have an exact dupe). Then you can go about your tests on THIS site and get all tested and functional then cut on the settings when you are happy

    Good luck


  • Prevents SQL injection - cannot use cfqueryparam in this case

    Hello. I have a form with a checkbox next to each line.  If the user checks certain boxes, then click on the "Delete" button, I want to run the following query, but I want to protect from sql injection attacks:

    <cfquery datasource="#application.mainDS#">
    delete from userMessages
    where messageID in (#form.messageID#)
    </cfquery>

    As written above, it works fine.  But if I try to protect this code with <cfqueryparam value="#form.messageID#" cfsqltype="cf_sql_varchar">, I get this error: "Conversion failed when you convert the value '7.21' int data type varchar" (7 and 21 are the messageIDs to delete).  Of course the comma prevents the conversion to an integer.

    If I use cfsqltype = "cf_sql_integer", the string is converted to a single integer (in this case 40015, which is nonsense).

    I tried from form.messageID to a stored procedure, but I seemed to have the same problem here.  I was able to execute the query in a loop where I just want to remove a line at a time, but I want run a query if I can do it safely.  Any ideas?

    Thank you.

    PK

    You just need to add the 'list' attribute to cfqueryparam to indicate that the 'value' contains multiple messageID.

  • Effect of movement not executed on the transition from State

    I have the following problem using view States, of transitions and the effect of movement

    I have a component panel and States state1 and state2.

    Panel is included in state1 but not in state2.

    When view state is changed from state1 to state2 I want to animate the front panel is removed.

    However, if I put a motion effect in my state of transition that it never runs because the Panel is removed before the effect plays.

    The only solution I found was to add a fade transition effect. This prevents the Panel to detach and the effect of movement is plays correctly.

    What continues? Is there a documentation explaining this? This could be a bug?

    Here is a sample application to demonstrate the problem. Panel1 has the problem and workaround Panel2.

    <?xml version="1.0" encoding="utf-8"?>
    <s:Application xmlns:fx="http://ns.adobe.com/mxml/2009"
                   xmlns:s="library://ns.adobe.com/flex/spark"
                   xmlns:mx="library://ns.adobe.com/flex/halo">
        <s:states>
            <s:State name="state1"/>
            <s:State name="state2"/>
        </s:states>
        <s:Group>
            <s:Panel id="panel1" y="0" y.state2="100" title="Group 1" includeIn="state1"/>
            <s:Panel id="panel2" x="150" y="0" y.state2="100" title="Group 2" includeIn="state1"/>
            <s:Button left="300" label="toggleState"
                      click="currentState = currentState == 'state1' ? 'state2' : 'state1'"/>
        </s:Group>
        <s:transitions>
            <s:Transition fromState="state1" toState="state2">
                <s:Parallel>
                    <!-- strange! Panel 1 is removed before the move effect plays -->
                    <s:Move target="{panel1}" yTo="100"/>
                    <!-- the workaround. With a dummy fade effect panel2 stays visible and the move effect is executed -->
                    <s:Move target="{panel2}" yTo="100"/>
                    <s:Fade target="{panel2}" alphaTo="1"/>
                </s:Parallel>
            </s:Transition>
        </s:transitions>
    </s:Application>

    What is happening here is the Panel is removed from the DisplayList at the beginning of the transition before the passage has a chance to occur.  This happens by default unless someone tells the transition to remove the item at another time.

    There is special logic built into Fade that knows when an element is being removed from the DisplayList, so it knows to tell the transition to fade the element out before removing it.  This is why the workaround you mentioned works for your case.

    You will notice that if you use:


    The target fades out as long as his movement before retiring from the DisplayList.

    Normally, in this situation the transition must know when to remove the item from the DisplayList and you can tell him that using the RemoveAction tag, for example:


    Note that in this transition, I use a sequence and put the RemoveAction after the move, so the transition knows to move the item before removing it.

    By the way, thanks for the great code example!  When posting code on here is compile concise, complete, and I can quickly copy and paste into Flash Builder, I'm much more likely to focus on the issue.

  • Why the transition from the server causes error?

    I reported the error to the it Department, they respond as indicated below:

    "These errors are the result of a transition from server we are currently experiencing. As soon as the server transition is complete errors should stop."

    "The transition of the server error has to do with displacement of the IP4 to IP6. All pages work technically, but if you happen be routed through IP6 instead of the IP4, some of our pages will not appear due to firewall issues."

    Does anyone have suggestions on what causes the error of IP4 to IP6?

    Thanks in advance for your suggestions

    -----------------------------------------------------------------------------------------------------------------

    Detailed description on the report of mail as shown below:

    Referring to the following link, some images cannot be display on 29 October.

    http://I1093.Photobucket.com/albums/i438/junk000/Error2.jpg 
     
     
    The other day, when I try to click on the following link and open it using IE8, the response is slow and getting the error on
    "Web Page error: 502 Bad Gateway!" with frontispiece USGS URL resolution error
    Please see the link for more information.

    http://I1093.Photobucket.com/albums/i438/junk000/error-6.jpg

    Do server not able to response to the loading of the web?  Is there anything to improve his performance on the server?

    Support is located in the Windows Server Forums:
    http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer/

  • You cannot change the length of the transition from photo album

    Does anyone know why I can't change the length of one of the album transitions four other than 16 frames photo?  The transition moves way to fast to a half second really give me the effect I was hoping.  Working with fcpx 10.2.3.  Running on an iMac, El Capitan, 10.11.3.  Any thoughts?

    The duration of the transition is controlled by the amount of available handles extra beyond the edit point. To increase the duration, you may have the trim, the shots to put at the disposal of the media more. Hand and waving of the Edit with the tab at the top of the transition point.

  • The transition from ReadyNAS Duo ReadyNAS 104 v1

    I am preparing the transition of the v1 of the Duo to the RN104. I intend to start with 1 a new 2 TB to the RN104 drive and copy the files of the Duo to her. Once the copy is complete, I plan to move both the two drives of 2 TB of the Duo to the RN104, configured as RAID5 and let the RN104 start the process. Is this a healthy way to get records and information of the Duo to the RN104? Please notify. Thank you.

    After you destroyed the old volume then click on box x-raid disengage x-raid2, after you click the first hard drive and create new volume may create with jbod and you're done for disc 1. in regards to Player 2 u do the same.

    usually, I called disc 1 as data1 and data2 2 drive. You can use any name :-)

  • Lost the video when the transition from XP to Windows 7

    After the Upgrade from Windows XP to Windows 7, I lost the video.  Upgrade is not completely finished, but I can't do anything to fix the problem I have no display.  I need to go back to XP or difficulty somehow the video from the command prompt.  What can I do?

    How to uninstall Windows 7:
    http://support.Microsoft.com/kb/971762

    How to uninstall Windows 7 by using the Windows.old folder:
    http://support.Microsoft.com/kb/971760

  • No sound after the transition from XP to Windows 7

    Original title: Audio becomes mute after upgrading Windows XP to Windows 7

    I upgraded from window xp family to an operating system of Windows 7 and my audio becomes mute,

    Please, how can I solve the problem?
    Thank you

    Hello

     

    (1) do you see any yellow exclamation or the symbol of the Red Cross for audio driver in Device Manager?

    (2) you download and install the latest drivers for the computer on the manufacturer's Web site?

    Here is the link: http://h20000.www2.hp.com/bizsupport/TechSupport/ProductList.jsp?lang=en&cc=us&taskId=135&prodTypeId=321957&prodSeriesId=499881

    (3) execute you troubleshooting methods referred to by zigzag3143x on July 19, 2012 in your previous post?

    Here is the article from the previous post: http://answers.microsoft.com/en-us/windows/forum/windows_7-sound/no-audio-device-installed/e80fae0f-f822-4392-a977-4ca65469d09b

    If you did not have the means of action, I suggest you perform the above troubleshooting methods and response with the result of the measures.

    I also suggest you use the below link to access the Device Manager and collect details.

    To open Device Manager, click Start, and then click Control Panel. Click Performance and Maintenance, and then click System. On the Hardware tab, click Device Manager.

    Reference:--

    http://www.Microsoft.com/resources/documentation/Windows/XP/all/proddocs/en-us/snap_dev_mgr.mspx?mfr=true

  • CTRL-D to the transition from the one side?

    Used to be able to Ctrl-D to each side of an item on the CTI was at this side (beginning or end) now it always adds a double transition in the face of both ends of the clamp. I rarely do this, how I add the transition to one side using Ctrl-D or a Variant?

    Thank you!

    Make sure that the clip is not selected.

  • How to bind the mapping of input parameter in the process using the OMB more flow

    Hello

    I've created a workflow process with a map.
    This mapping is an input parameter, I want to link to a variable using OMBPlus

    OMBALTER PROCESS_FLOW '$process' VALUES of CHANGE of PARAMETER 'P_EOD_DATE_IN' SET PROPERTIES (BINDING) ("V_EOD_DATE") does not work as P_EOD_DATE is NOT a process parameter
    nor
    OMBALTER PROCESS_FLOW '$process' MODIFY PARAMETER ' $mapname/P_EOD_DATE_IN ' VALUES set PROPERTIES (BINDING) ("V_EOD_DATE") as the reference "$mapname/P_EOD_DATE_IN ' is not valid."

    Any suggestions?

    Best regards
    Klaus

    Hi Klaus,
    Look here {: identifier of the thread = 640397}

    Kind regards
    Oleg

  • Question about the transition from string values to the Partition clause in a merge statement

    Hi all

    I use the code to update the data of specific secondary partition using oracle merge statements below.

    I'm getting the name of the secondary partition and pass this string to the secondary partition clause.

    The Merge statement is a failure, indicating that the specified secondary partition does not exist. But the partition under do exists for the table.

    We use a server Oracle 11 GR 2.

    Here is the code I use to fill in the data.

    declare
      ln_min_batchkey      PLS_INTEGER;
      ln_max_batchkey      PLS_INTEGER;
      lv_partition_name    VARCHAR2 (32767);
      lv_subpartition_name VARCHAR2 (32767);
    begin
      FOR m1 IN (SELECT (year_val + 1) AS year_val, year_val AS orig_year_val
                   FROM (SELECT DISTINCT
                                TO_CHAR (batch_create_dt, 'YYYY') year_val
                           FROM stores_comm_mob_sub_temp
                          ORDER BY 1)
                  ORDER BY year_val)
      LOOP
        lv_partition_name :=
          scmsa_handset_mobility_data_build.fn_get_partition_name (
            nom_table_p     => 'STORES_COMM_MOB_SUB_INFO',
            p_search_string => m1.year_val);

        FOR m2 IN (SELECT DISTINCT
                          'M' || TO_CHAR (batch_create_dt, 'MM') AS month_val
                     FROM stores_comm_mob_sub_temp
                    WHERE TO_CHAR (batch_create_dt, 'YYYY') = m1.orig_year_val)
        LOOP
          lv_subpartition_name :=
            scmsa_handset_mobility_data_build.fn_get_subpartition_name (
              nom_table_p      => 'STORES_COMM_MOB_SUB_INFO',
              p_partition_name => lv_partition_name,
              p_search_string  => m2.month_val);

          DBMS_OUTPUT.put_line ('lv_subpartition_name => ' || lv_subpartition_name
                                || ' and lv_partition_name => ' || lv_partition_name);

          IF lv_subpartition_name IS NULL
          THEN
            DBMS_OUTPUT.put_line ('INSIDE IF => ' || m2.month_val);
            INSERT INTO stores_comm_mob_sub_info t1 (t1.ntlogin,
                                                     t1.first_name,
                                                     t1.last_name,
                                                     t1.job_title,
                                                     t1.store_id,
                                                     t1.batch_create_dt)
              SELECT t2.ntlogin,
                     t2.first_name,
                     t2.last_name,
                     t2.job_title,
                     t2.store_id,
                     t2.batch_create_dt
                FROM stores_comm_mob_sub_temp t2
               WHERE TO_CHAR (batch_create_dt, 'YYYY') = m1.orig_year_val
                 AND 'M' || TO_CHAR (batch_create_dt, 'MM') = m2.month_val;
          ELSIF lv_subpartition_name IS NOT NULL
          THEN
            DBMS_OUTPUT.put_line ('INSIDE ELSIF => ' || m2.month_val);
            -- In static SQL the text inside SUBPARTITION (...) is read as a
            -- literal subpartition name, not as the value of the variable.
            MERGE INTO (SELECT *
                          FROM stores_comm_mob_sub_info
                               SUBPARTITION (lv_subpartition_name)) t1
                 USING (SELECT *
                          FROM stores_comm_mob_sub_temp
                         WHERE TO_CHAR (batch_create_dt, 'YYYY') = m1.orig_year_val
                           AND 'M' || TO_CHAR (batch_create_dt, 'MM') = m2.month_val) t2
                    ON (t1.store_id = t2.store_id
                        AND t1.ntlogin = t2.ntlogin)
            WHEN MATCHED
            THEN
              UPDATE SET
                t1.postpaid_totalqty =
                  (NVL (t1.postpaid_totalqty, 0)
                   + NVL (t2.postpaid_totalqty, 0)),
                t1.sales_transaction_dt =
                  GREATEST (
                    NVL (t1.sales_transaction_dt, t2.sales_transaction_dt),
                    NVL (t2.sales_transaction_dt, t1.sales_transaction_dt)),
                t1.batch_create_dt =
                  GREATEST (
                    NVL (t1.batch_create_dt, t2.batch_create_dt),
                    NVL (t2.batch_create_dt, t1.batch_create_dt))
            WHEN NOT MATCHED
            THEN
              INSERT (t1.ntlogin,
                      t1.first_name,
                      t1.last_name,
                      t1.job_title,
                      t1.store_id,
                      t1.batch_create_dt)
              VALUES (t2.ntlogin,
                      t2.first_name,
                      t2.last_name,
                      t2.job_title,
                      t2.store_id,
                      t2.batch_create_dt);
          END IF;
        END LOOP;
      END LOOP;

      COMMIT;
    end;
    /



    Really appreciate your input here.

    Thank you
    MK.

    Hello

    You can use "execute immediate", which works.

    Thank you
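
    Added example (not part of the original thread): a subpartition name cannot be supplied as a bind variable, so moving this MERGE to EXECUTE IMMEDIATE means concatenating the name into the statement, and that name should be validated first. The procedure name merge_into_subpartition and its parameters are hypothetical, the table is assumed to be in the current schema, and only one column is merged to keep the example short.

    ```sql
    create or replace procedure merge_into_subpartition(
      p_subpartition in varchar2,
      p_year         in varchar2,   -- constructed sample: '2015'
      p_month        in varchar2    -- constructed sample: 'M03'
    ) as
      l_name  varchar2(128);
      l_found pls_integer;
    begin
      -- Raises ORA-44003 unless the value is a plain, unquoted identifier.
      l_name := dbms_assert.simple_sql_name(p_subpartition);

      -- Allow-list check: the name must be an existing subpartition of
      -- this table before it is placed in the statement text.
      select count(*) into l_found
        from user_tab_subpartitions
       where table_name = 'STORES_COMM_MOB_SUB_INFO'
         and subpartition_name = upper(l_name);
      if l_found = 0 then
        raise_application_error(-20001, 'unknown subpartition');
      end if;

      -- Only the validated identifier is concatenated; the year and month
      -- values are passed as binds through USING.
      execute immediate
        'merge into (select *
                       from stores_comm_mob_sub_info
                            subpartition (' || l_name || ')) t1
         using (select store_id, ntlogin, postpaid_totalqty
                  from stores_comm_mob_sub_temp
                 where to_char(batch_create_dt, ''YYYY'') = :yr
                   and ''M'' || to_char(batch_create_dt, ''MM'') = :mon) t2
            on (t1.store_id = t2.store_id and t1.ntlogin = t2.ntlogin)
          when matched then update
            set t1.postpaid_totalqty =
                nvl(t1.postpaid_totalqty, 0) + nvl(t2.postpaid_totalqty, 0)'
        using p_year, p_month;
    end merge_into_subpartition;
    /
    ```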

  • PL/dynamic sql to retrieve the data from the production server

    Hello

    I need to create a dynamic pl/sql program to retrieve all packages from the production server and store it on my local machine in another file.

    Thanks in advance.

    Hello

    user9963922 wrote:
    Hi Peter,.

    Thanks for the reply.
    I need make my block dynamic while in a single query, for different packages I can save it in another file with the same name as the package on my local machine.

    What is the problem with the suggestion of Peter? This is not 'dynamic' on this subject?
    To save the code in the files, use utl_file. Inside the loop, open, write, and close a file. If you need help, your zip code and a description of the specific problem.

    It is also possible to use only user_source table to accomplish the task.

    Yes, but it doesn't work for you own schema.
    If you do not use user_source, then you will not need any condition as

    and owner in ('')
    
  • Bug in the transition from the groups of tabs when the mouse is over a tab

    I use two groups of tabs, each around 3-10 tabs open. I press Ctrl +' to switch between groups of two tabs. Everything works fine except when I have the chance to have the mouse cursor positioned on a tab when I press Ctrl +'. In this case, Firefox seems to get confused and I get an unpredictable mixture of the two groups of tabs tabs. I have to then move mouse tab and then press Ctrl +' twice to the tab group good I tried to move on. It's boring.

    I think it started in FF29, but I'm not sure.

    First of all, I would like to confirm that it is a bug. Secondly, I would like to see it attaches. I tried to find info on this several times without success. Anyone know anything about this?

    Thank you.

    OK nevermind, I did some more research and found a bug in Bugzilla for it. The bug has been fixed and I've confirmed with a night generation. Looking forward from the set in a regular release.

  • during the transition from Outlook Express to Windows Live Mail, is the address book data stored and also the info in files

    I'm afraid that if I upgrade the form Outlook Express to Windows Live Mail, I will lose all e-mail addresses in my address book current as well as the information contained in the files - models etc.

    If you install WLMail on your XP machine, it has to import messages and addresses automatically and nothing will be lost of OE.
     
    If you like WLMail better than OE, you are a person better than I am.
     
    For specific questions from WLMail, ask here.
     
     
    PS It has nothing to do with Hotmail. I don't know where Christophe that came out of your post.
