book

Oracle Advanced PL/SQL Developer Professional Guide

Name: Oracle Advanced PL/SQL Developer Professional Guide
Author: Saurabh K. Gupta
ISBN: 9781849687225

by Saurabh K. Gupta

May 2012

Intermediate to advanced

440 pages

9h 1m

English

Packt Publishing

Read now

Unlock full access

Oracle Advanced PL/SQL Developer Professional Guide
Table of Contents
Oracle Advanced PL/SQL Developer Professional Guide
Credits
Foreword
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy Subscribe?Free Access for Packt account holdersInstant Updates on New Packt Books
Preface
What this book covers

What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example codeErrataPiracyQuestions
1. Overview of PL/SQL Programming Concepts
PL/SQL—the procedural aspectMy first PL/SQL program
PL/SQL development environments
SQL DeveloperSQL Developer—the historyCreating a connectionSQL WorksheetExecuting a SQL statementCalling a SQL script from SQL DeveloperCreating and executing an anonymous PL/SQL blockDebugging the PL/SQL codeEditing and saving the scriptsSQL*PlusExecuting a SQL statement in SQL*PlusExecuting an anonymous PL/SQL block
Procedures
Executing a procedure
Functions
Function—execution methodsRestrictions on calling functions from SQL expressions
PL/SQL packages
Cursors—an overview
Cursor execution cycleCursor attributesCursor FOR loop
Exception handling in PL/SQL
System-defined exceptionsUser-defined exceptionsThe RAISE_APPLICATION_ERROR procedureException propagation
Managing database dependencies
Displaying the direct and indirect dependenciesDependency metadataDependency issues and enhancements
Reviewing Oracle-supplied packages
Summary
Practice exercise
2. Designing PL/SQL Code
Understanding cursor structuresCursor execution cycleCursor design considerationsCursor design—guidelinesCursor attributesImplicit cursorsExplicit cursors
Cursor variables
Ref cursor types—strong and weakSYS_REFCURSORProcessing a cursor variableCursor variables as argumentsCursor variables—restrictions
Subtypes
Subtype classificationOracle's predefined subtypesUser-defined subtypesType compatibility with subtypes
Summary
Practice exercise
3. Using Collections
Collections—an overviewCategorizationSelecting an appropriate collection type
Associative arrays
Nested tables
Nested table collection type as the database objectDML operations on nested table columnsInserting a nested table instanceSelecting a nested table columnUpdating the nested table instanceA nested table collection type in PL/SQLAdditional features of a nested table
Varray
Varray in PL/SQLVarray as a database collection typeDML operations on varray type columnsInserting a varray collection type instanceSelecting a varray columnUpdating the varray instance
Collections—a comparative study
Common characteristics of collection typesNested table versus associative arraysNested table versus varrays
PL/SQL collection methods
EXISTSCOUNTLIMITFIRST and LASTPRIOR and NEXTEXTENDTRIMDELETE
Manipulating collection elements
Collection initialization
Summary
Practice exercise
4. Using Advanced Interface Methods
Understanding external routinesArchitecture of external routinesOracle Net ConfigurationTNSNAMES.oraLISTENER.oraOracle Net Configuration verificationBenefits of external procedures
Executing external C programs from PL/SQL
Executing C program through external procedure—development steps
Executing Java programs from PL/SQL
Calling a Java class method from PL/SQLUploading a Java class into the database—development stepsThe loadjava utility—an illustrationCreating packages for Java class methods
Summary
Practice exercise
5. Implementing VPD with Fine Grained Access Control
Fine Grained Access ControlOverviewVirtual Private Database—the aliasHow FGAC or VPD works?Salient features of VPD
VPD implementation—outline and components
Application contextPolicy function definition and implementation of row-level securityAssociating a policy using the DBMS_RLS package
VPD implementation—demonstrations
Assignment 1—implementing VPD using simple security policyAssignment 2—implementing VPD using an application context
VPD policy metadata
Policy utilities—refresh and drop
Summary
Practice exercise
6. Working with Large Objects
Introduction to the LOB data typesInternal LOBExternal LOB
Understanding the LOB data types
LOB value and LOB locatorsBLOB or CLOB!BFILETemporary LOBs
Creating LOB data types
DirectoriesCreating LOB data type columns in a table
Managing LOB data types
Managing internal LOBsSecuring and managing BFILEsThe DBMS_LOB package—overviewSecurity modelDBMS_LOB constantsDBMS_LOB data typesDBMS_LOB subprogramsRules and regulationsInternal LOBsBFILEs
Working with the CLOB, BLOB, and BFILE data types
Initializing LOB data type columnsInserting data into a LOB columnPopulating a LOB data type using an external fileSelecting LOB dataModifying the LOB dataDelete LOB dataMiscellaneous LOB notesLOB column statesLocking a row containing LOBOpening and closing LOBsAccessing LOBsLOB restrictions
Migrating from LONG to LOB
Using temporary LOBs
Temporary LOB operationsManaging temporary LOBsValidating, creating, and freeing a temporary LOB
Summary
Practice exercise
7. Using SecureFile LOBs
Introduction to SecureFilesSecureFile LOB—an overviewArchitectural enhancements in SecureFilesSecureFile LOB features
Working with SecureFiles
SecureFile metadataEnabling advanced features in SecureFilesDeduplicationCompressionEncryption
Migration from BasicFiles to SecureFiles
Online Reefinition method
Summary
Practice exercise
8. Compiling and Tuning to Improve Performance
Native and interpreted compilation techniquesReal native compilationSelecting the appropriate compilation modeWhen to choose interpreted compilation mode?When to choose native compilation mode?Setting the compilation modeQuerying the compilation settingsCompiling a program unit for a native or interpreted compilationCompiling the database for PL/SQL native compilation (NCOMP)
Tuning PL/SQL code
Comparing SQL and PL/SQLAvoiding implicit data type conversionUnderstanding the NOT NULL constraintUsing the PLS_INTEGER data type for arithmetic operationsUsing a SIMPLE_INTEGER data typeModularizing the PL/SQL codeUsing bulk bindingUsing SAVE_EXCEPTIONSRephrasing the conditional control statementsConditions with an OR logical operatorConditions with an AND logical operator
Enabling intra unit inlining
PLSQL_OPTIMIZE_LEVEL—the Oracle initialization parameterCase 1—PLSQL_OPTIMIZE_LEVEL = 0Case 2—PLSQL_OPTIMIZE_LEVEL = 1Case 3—PLSQL_OPTIMIZE_LEVEL = 2Case 4—PLSQL_OPTIMIZE_LEVEL = 3
PRAGMA INLINE
Summary
Practice exercise
9. Caching to Improve Performance
Introduction to result cacheServer-side result cacheSQL query result cachePL/SQL function result cacheOCI client results cache
Configuring the database for the server result cache
The DBMS_RESULT_CACHE package
Implementing the result cache in SQL
Manual result cacheAutomatic result cacheResult cache metadataQuery result cache dependenciesCache memory statisticsInvalidation of SQL result cacheDisplaying the result cache memory reportRead consistency of the SQL result cacheLimitation of SQL result cache
Implementing result cache in PL/SQL
The RESULT_CACHE clauseCross-session availability of cached resultsInvalidation of PL/SQL result cacheLimitations of PL/SQL function result cacheArgument and return type restrictionsFunction structural restrictions
Summary
Practice exercise
10. Analyzing PL/SQL Code
Track coding information[DBA | ALL | USER]_ARGUMENTS[DBA | ALL | USER]_OBJECTS[DBA | ALL | USER]_SOURCE[DBA | ALL | USER]_PROCEDURES[DBA | ALL | USER]_DEPENDENCIES
Using SQL Developer to find coding information
The DBMS_DESCRIBE packageDBMS_UTILITY.FORMAT_CALL_STACKTracking propagating exceptions in PL/SQL code
Determining identifier types and usages
The PL/Scope toolThe PL/Scope identifier collectionThe PL/Scope reportIllustrationApplications of the PL/Scope report
The DBMS_METADATA package
DBMS_METADATA data types and subprogramsParameter requirementsThe DBMS_METADATA transformation parameters and filtersWorking with DBMS_METADATA—illustrationsCase 1—retrieve the metadata of a single objectCase 2—retrieve the object dependencies on the F_GET_LOC functionCase 3—retrieve system grants on the ORADEV schemaCase 4—retrieve objects of function type in the ORADEV schema
Summary
Practice exercise
11. Profiling and Tracing PL/SQL Code
Tracing the PL/SQL programsThe DBMS_TRACE packageInstalling DBMS_TRACEDBMS_TRACE subprogramsThe PLSQL_DEBUG parameter and the DEBUG optionViewing the PL/SQL trace informationDemonstrating the PL/SQL tracing
Profiling the PL/SQL programs
Oracle hierarchical profiler—the DBMS_HPROF packageView profiler informationDemonstrating the profiling of a PL/SQL programThe plshprof utilitySample reports
Summary
Practice exercise
12. Safeguarding PL/SQL Code against SQL Injection Attacks
SQL injection—an introductionSQL injection—an overviewTypes of SQL injection attacksPreventing SQL injection attacks
Immunizing SQL injection attacks
Reducing the attack's surfaceControlling user privilegesInvoker's and definer's rightsAvoiding dynamic SQLBind argumentsSanitizing inputs using DBMS_ASSERTThe DBMS_ASSERT packageIdentifier formatting and verification processDBMS_ASSERT—usage guidelinesDBMS_ASSERT—limitations
Testing the code for SQL injection flaws
Test strategyReviewing the codeStatic code analysisFuzz toolsGenerating test cases
Summary
Practice exercise
A. Answers to Practice Questions
Chapter 1, Overview of PL/SQL Programming Concepts
Chapter 2, Designing PL/SQL Code
Chapter 3, Using Collections
Chapter 4, Using Advanced Interface Methods
Chapter 5, Implementing VPD with Fine Grained Access Control
Chapter 6, Working with Large Objects
Chapter 7, Using SecureFile LOBs
Chapter 8, Compiling and Tuning to Improve Performance
Chapter 9, Caching to Improve Performance
Chapter 10, Analyzing PL/SQL Code
Chapter 11, Profiling and Tracing PL/SQL Code
Chapter 12, Safeguarding PL/SQL Code against SQL Injection Attacks
Index

Content preview from Oracle Advanced PL/SQL Developer Professional Guide

Chapter 12, Safeguarding PL/SQL Code against SQL Injection Attacks

Question No.	Answer	Explanation
1	a, b, and c	Dynamic SQL is more prone to injective attacks. Static SQL must be preferred in major cases. In other cases, dynamic SQL must use bind variables.
2	a	If the SQL query identifiers are fixed for all the executions of a subprogram, static SQL can be used in the program.
3	a and d	SQL injection can lead to the leakage of confidential information and perform unauthorized activities.
4	a	The inputs from the application layer must be verified for purity before using in the application.
5	b	Statistical code analysis is used only for logical flow of the code but doesn't provide confirmation on the code vulnerability.
6

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Oracle PL/SQL Programming: A Developer's Workbook

Publisher Resources

ISBN: 9781849687225Other

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Oracle Advanced PL/SQL Developer Professional Guide

by Saurabh K. Gupta

Chapter 12, Safeguarding PL/SQL Code against SQL Injection Attacks

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.