[Home] [Help]
152: -- which has a limitation for converted length that it cannot
153: -- exceed 4000, otherwise it throws ORA-19011,
154: -- instead, we need to wrap xml column with xmltype.getclobval
155: if (l_data_type != 'XMLTYPE') then
156: l_theQuery := l_theQuery || DBMS_ASSERT.ENQUOTE_NAME(l_column_name);
157: else
158: l_theQuery := l_theQuery || 'xmltype.getclobval(' ||
159: DBMS_ASSERT.ENQUOTE_NAME(l_column_name) || ')';
160: end if;
155: if (l_data_type != 'XMLTYPE') then
156: l_theQuery := l_theQuery || DBMS_ASSERT.ENQUOTE_NAME(l_column_name);
157: else
158: l_theQuery := l_theQuery || 'xmltype.getclobval(' ||
159: DBMS_ASSERT.ENQUOTE_NAME(l_column_name) || ')';
160: end if;
161: end loop;
162: dbms_sql.close_cursor(l_cursor);
163:
160: end if;
161: end loop;
162: dbms_sql.close_cursor(l_cursor);
163:
164: l_theQuery := l_theQuery || ') from ' || DBMS_ASSERT.ENQUOTE_NAME(p_schema) || '.' || DBMS_ASSERT.ENQUOTE_NAME(p_obj) ||
165: ' where rowid = :x1 for update';
166:
167: l_cursor := dbms_sql.open_cursor;
168: sys.dbms_sys_sql.parse_as_user( l_cursor, l_theQuery, dbms_sql.v7);
194: begin
195: -- Verify that there is no SQL injection
196: validate_object_name (p_schema, p_obj);
197:
198: l_theQuery := 'select rowid, a.* from ' || DBMS_ASSERT.ENQUOTE_NAME(p_schema) || '.' || DBMS_ASSERT.ENQUOTE_NAME(p_obj) ||
199: ' a where rowid = :x1';
200:
201: l_cursor := dbms_sql.open_cursor;
202:
240: begin
241: -- Verify that there is no SQL injection
242: validate_object_name (p_schema, p_obj);
243:
244: l_theQuery := 'select * from ' || DBMS_ASSERT.ENQUOTE_NAME(p_schema) || '.' || DBMS_ASSERT.ENQUOTE_NAME(p_obj) ||
245: ' where rowid = :x1 for update';
246:
247: l_cursor := dbms_sql.open_cursor;
248: