Oracle Advanced PL/SQL Developer Professional Guide

By: Saurabh K. Gupta

Overview of this book

PL/SQL (Procedural Language/Structured Query Language) is Oracle Corporation's procedural extension language for SQL and the Oracle relational database. Server-side PL/SQL is stored and compiled in the Oracle Database and runs within the Oracle executable. With this guide Oracle developers can work towards accomplishing Oracle 11g Advanced PL/SQL Professional certification, which is the second milestone for developers working at the Associate level. The Oracle Advanced PL/SQL Developer Professional Guide helps you master advanced PL/SQL concepts. Besides the clear and precise explanation of advanced topics, it also contains example code and demonstrations, which give readers a sense of application and usage.

The book gives a deep insight that will help transform readers from mid-level programmers to professional database developers. It aims to cover the advanced features of PL/SQL for designing and optimizing PL/SQL code.

This book starts with an overview of PL/SQL as the programming database language and outlines the benefits and characteristics of the language. The book then covers the advanced features that include PL/SQL code writing using collections, tuning recommendations using result caching, implementing VPD to enforce row level security, and much more. Apart from programming, the book also dives deep into the usage of the development tool SQL Developer, employing best practices in database environments and safeguarding the vulnerable areas in PL/SQL code to avoid code injection.
Table of Contents (22 chapters)
Oracle Advanced PL/SQL Developer Professional Guide
Credits
Foreword
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface
Index

Chapter 12, Safeguarding PL/SQL Code against SQL Injection Attacks


Question No. / Answer / Explanation

Q1. Answer: a, b, and c
    Dynamic SQL is more prone to injection attacks. Static SQL must be preferred in most cases. In the other cases, dynamic SQL must use bind variables.

Q2. Answer: a
    If the SQL query identifiers are fixed for all the executions of a subprogram, static SQL can be used in the program.

Q3. Answer: a and d
    SQL injection can lead to the leakage of confidential information and the performance of unauthorized activities.

Q4. Answer: a
    The inputs from the application layer must be verified for purity before being used in the application.

Q5. Answer: b
    Static code analysis is used only for the logical flow of the code but doesn't provide confirmation of the code's vulnerability.

Q6. Answer: a
    Fuzzing is a rough testing method to measure the resistivity and scalability of the program, which can discover the vulnerable areas of the code.

Q7. Answer: c and d
    The DBMS_ASSERT.SQL_OBJECT_NAME subprogram validates the object contained in the current schema. The SIMPLE_SQL_NAME and QUALIFIED_SQL_NAME functions are used to verify the sanity of SQL names.

Q8. Answer: b
    A quoted identifier is used in queries enclosed within double quotes. Its meaning in that context is entirely different from that of the unquoted identifier.

Q9. Answer: b
    ENQUOTE_LITERAL encloses a given string in single quotes.

Q10. Answer: a, c, and d
    The Oracle keywords which implement dynamic SQL in the code are the most vulnerable areas in PL/SQL code.

Q11. Answer: a and c
    AUTHID CURRENT_USER eliminates the chances of SQL injection by executing a PL/SQL program with the rights of its invoker and not of its creator.
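The following PL/SQL script is an added example, not code from the book, that ties together the points behind questions 1, 7, 9 and 11: a dynamic statement built by string concatenation beside one that passes the value as a bind variable, validates the identifier with DBMS_ASSERT.SQL_OBJECT_NAME before it is spliced into the statement text, and runs with invoker's rights. The table EMP_DEMO, its rows, the two function names and the test values are all constructed for this demonstration; the DBMS_ASSERT calls and the error codes named in the comments are the documented Oracle ones.

```sql
-- Run in SQL*Plus or SQL Developer with SET SERVEROUTPUT ON.
-- Constructed demo table (assumption: not part of the book's schema).
CREATE TABLE emp_demo (empno NUMBER, ename VARCHAR2(30), sal NUMBER);
INSERT INTO emp_demo VALUES (7369, 'SMITH',   800);
INSERT INTO emp_demo VALUES (7499, 'O''BRIEN', 1600);
COMMIT;

-- Vulnerable form: the caller's value becomes part of the SQL text that is
-- parsed, so a quote inside the value changes the statement itself.
CREATE OR REPLACE FUNCTION count_by_name_unsafe (p_ename IN VARCHAR2)
  RETURN NUMBER
IS
  l_sql VARCHAR2(4000);
  l_cnt NUMBER;
BEGIN
  l_sql := 'SELECT COUNT(*) FROM emp_demo WHERE ename = ''' || p_ename || '''';
  EXECUTE IMMEDIATE l_sql INTO l_cnt;
  RETURN l_cnt;
END count_by_name_unsafe;
/

-- Hardened form: the value travels as a bind variable and never touches the
-- statement text; the table name cannot be bound, so it is checked with
-- DBMS_ASSERT.SQL_OBJECT_NAME (raises ORA-44002 if no such object exists).
CREATE OR REPLACE FUNCTION count_by_name_safe (
  p_table IN VARCHAR2,   -- identifier: validated, then concatenated
  p_ename IN VARCHAR2)   -- data value: bound
  RETURN NUMBER
  AUTHID CURRENT_USER    -- invoker's rights, as in question 11
IS
  l_sql VARCHAR2(4000);
  l_cnt NUMBER;
BEGIN
  l_sql := 'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SQL_OBJECT_NAME(p_table)
        || ' WHERE ename = :name';
  EXECUTE IMMEDIATE l_sql INTO l_cnt USING p_ename;
  RETURN l_cnt;
END count_by_name_safe;
/

-- Exercise both functions with a plain value and with a value containing a quote.
DECLARE
  l_quoted VARCHAR2(30) := 'O''BRIEN';   -- constructed test value: O'BRIEN
BEGIN
  DBMS_OUTPUT.PUT_LINE('safe,   SMITH  : ' || count_by_name_safe('EMP_DEMO', 'SMITH'));
  DBMS_OUTPUT.PUT_LINE('safe,   O''BRIEN: ' || count_by_name_safe('EMP_DEMO', l_quoted));
  DBMS_OUTPUT.PUT_LINE('unsafe, SMITH  : ' || count_by_name_unsafe('SMITH'));
  BEGIN
    -- The embedded quote terminates the literal early: ORA-01756 from the parser.
    DBMS_OUTPUT.PUT_LINE('unsafe, O''BRIEN: ' || count_by_name_unsafe(l_quoted));
  EXCEPTION
    WHEN OTHERS THEN DBMS_OUTPUT.PUT_LINE('unsafe, O''BRIEN: ' || SQLERRM);
  END;

  -- Question 9: ENQUOTE_LITERAL wraps the string in single quotes and requires
  -- every embedded quote to be doubled; unpaired quotes raise ORA-06502.
  DBMS_OUTPUT.PUT_LINE(DBMS_ASSERT.ENQUOTE_LITERAL(REPLACE(l_quoted, '''', '''''')));

  -- Question 7: SIMPLE_SQL_NAME rejects anything that is not a plain identifier
  -- (ORA-44003), so a table name taken from input can be screened before use.
  BEGIN
    DBMS_OUTPUT.PUT_LINE(DBMS_ASSERT.SIMPLE_SQL_NAME('emp_demo; truncate table x'));
  EXCEPTION
    WHEN OTHERS THEN DBMS_OUTPUT.PUT_LINE('rejected: ' || SQLERRM);
  END;
END;
/
```

The safe function returns 1 for both inputs because the bind variable is compared as data, while the unsafe function fails as soon as the input carries a quote. Checking for that failure is not a defence: the same splicing that breaks on O'BRIEN accepts any other SQL fragment, which is why the chapter's recommendation is static SQL first, bind variables second, and DBMS_ASSERT only for the identifiers that cannot be bound.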