If you need to write a SQL statement but do not know all the elements of it, you might need dynamic SQL. With dynamic SQL, the actual SQL clause is built during the execution. For instance, dynamic SQL can be used when you do not know the columns in the SELECT part of the query or the table names in the FROM part of the query, or if the WHERE part of the query is unknown before run time. Dynamic SQL should be used only if you are not able to do what’s needed using static SQL. Dynamic SQL can only be used in PL/SQL.
SQL injection is seen as a big security risk while using dynamic SQL. If you are not already familiar with SQL ...