Search results “Parameterized view oracle”
What are types of View available in Oracle
 
05:10
What are the types of View available in Oracle? Watch More... What is Parameterized Cursor in Oracle https://www.youtube.com/watch?v=JMKwHlVi6-A What is autonomous transaction in Oracle. https://www.youtube.com/watch?v=gyvFajpfoWE What are Constraints available in Oracle. https://www.youtube.com/watch?v=WivhdLXQklQ What is Mutation Error and How to avoid mutation. https://www.youtube.com/watch?v=CbWNCyW18Bs 5 Effective way to delete Duplicate rows https://www.youtube.com/watch?v=1wtTtnc87Oc What is Difference between Delete and Truncate https://www.youtube.com/watch?v=7b6wQ3Qumgg
Views: 10093 Ram Gupta
What is Parameterized Cursor in Oracle
 
03:39
What is Parameterized Cursor in Oracle. In simple words, a cursor with a parameter is called a parameterized cursor. PL/SQL allows developers to pass parameters into cursors, the same way we can pass parameters into functions and procedures. A PL/SQL parameterized cursor passes the parameters into a cursor and uses them in the query. A cursor becomes more reusable with cursor parameters. A PL/SQL parameterized cursor defines only the data type of a parameter and does not need to define its length. In a parameterized cursor the scope of the parameters is local within the program only. Optionally, we can also give a default value for the parameter, which will take effect if no value is passed to the cursor.
Key points
1. The scope of the parameters is local.
2. You can assign a default value to a cursor parameter.
3. A cursor becomes more reusable with cursor parameters.
4. A PL/SQL parameterized cursor defines only the data type of a parameter and does not need to define its length.
Please leave your comments about this video, and you can also leave your questions for new videos.
Join our group on Facebook https://www.facebook.com/groups/146487615764170/
Visit our blog http://oracletemple.blogspot.in/
Useful plsql books link. http://goo.gl/XMy0tt
Watch More...
What is Parameterized Cursor in Oracle https://www.youtube.com/watch?v=JMKwHlVi6-A
What is autonomous transaction in Oracle. https://www.youtube.com/watch?v=gyvFajpfoWE
What are Constraints available in Oracle. https://www.youtube.com/watch?v=WivhdLXQklQ
What is Mutation Error and How to avoid mutation. https://www.youtube.com/watch?v=CbWNCyW18Bs
5 Effective way to delete Duplicate rows https://www.youtube.com/watch?v=1wtTtnc87Oc
What is Difference between Delete and Truncate https://www.youtube.com/watch?v=7b6wQ3Qumgg
Views: 6909 Ram Gupta
PL/SQL tutorial 28: Cursor Parameter In Oracle Database By Manish Sharma
 
04:54
Learn How To Create Parameterized cursor in Oracle Database with easy to understand example by Manish Sharma ------------------------------------------------------------------------ ►►►LINKS◄◄◄ Blog : http://bit.ly/cursor-parameter Previous Tutorial ► Create Explicit Cursor: https://youtu.be/3q7dW_d2KVc ►Cursors : https://youtu.be/_snAMqCBitg ------------------------------------------------------------------------- ►►►Let's Get Free Uber Cab◄◄◄ Use Referral Code UberRebellionRider and get $20 free for your first ride. ------------------------------------------------------------------------- ►Make sure you SUBSCRIBE and be the 1st one to see my videos! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ►►►Find me on Social Media◄◄◄ Follow What I am up to as it happens on https://twitter.com/rebellionrider https://www.facebook.com/imthebhardwaj http://instagram.com/rebellionrider https://plus.google.com/+Rebellionrider http://in.linkedin.com/in/mannbhardwaj/ http://rebellionrider.tumblr.com/ http://www.pinterest.com/rebellionrider/ ___Facebook Official Page___ https://www.facebook.com/RebellionRider.official/ You can also Email me at for E-mail address please check About section Please please LIKE and SHARE my videos it makes me happy. Thanks for liking, commenting, sharing and watching more of our videos This is Manish from RebellionRider.com ♥ I LOVE ALL MY VIEWERS AND SUBSCRIBERS
Views: 42951 Manish Sharma
Oracle : Stored Procedure with Input and Output Parameters
 
04:04
Java Source Code here: http://ramj2ee.blogspot.com/2015/07/oracle-stored-procedure-with-input-and.html Oracle : Stored Procedure with Input and Output Parameters JavaEE Tutorials and Sample code - Click here : http://ramj2ee.blogspot.in/
Views: 36567 Ram N
PLS-22: Using Parameters in PL/SQL Procedure
 
17:43
Parameters in PL/SQL Procedure For Full Course Experience Please Go To http://mentorsnet.org/course_preview?course_id=5 Full Course Experience Includes 1. Access to course videos and exercises 2. View & manage your progress/pace 3. In-class projects and code reviews 4. Personal guidance from your Mentors
Views: 38344 Oresoft LWC
PLS-10: Oracle Pl/SQL Cursors With Parameters
 
11:09
Oracle PL/SQL For Full Course Experience Please Go To http://mentorsnet.org/course_preview?course_id=5 Full Course Experience Includes 1. Access to course videos and exercises 2. View & manage your progress/pace 3. In-class projects and code reviews 4. Personal guidance from your Mentors
Views: 40284 Oresoft LWC
What is View in PL SQL
 
03:56
What is a View What are the Advantages of Views. For More detail you can visit our facebook Page , Facebook Group our blog Facebook Page https://www.facebook.com/SQL-PLSQL-Developer-Interview-QA-249157952111412/?ref=page_internal ------------------------------------------------- Join our group on Facebook https://www.facebook.com/groups/14648... -------------------------------------------------------------------------------- Visit our blog http://oracletemple.blogspot.in/ -------------------------------------------------------------------------------- Useful plsql books link. http://goo.gl/XMy0tt ------------------------------------------------- Watch More... What is Parameterized Cursor in Oracle https://www.youtube.com/watch?v=JMKwH... What is autonomous transaction in Oracle. https://www.youtube.com/watch?v=gyvFa... What are Constraints available in Oracle. https://www.youtube.com/watch?v=Wivhd... What is Mutation Error and How to avoid mutation. https://www.youtube.com/watch?v=CbWNC... 5 Effective way to delete Duplicate rows https://www.youtube.com/watch?v=1wtTt... What is Difference between Delete and Truncate https://www.youtube.com/watch?v=7b6wQ...
Views: 16621 Ram Gupta
How To Parameterize SQL Table Names
 
02:48
Do you know how to safely pass in a table name or column name parameter value into your dynamic SQL query? sp_executesql won't allow you to parameterize SQL object names. You have to revert back to building dynamic SQL and appending those parameter values to your SQL string. In this video we examine how to do so safely without opening yourself up to SQL injection attacks. Links below. Blog post with example queries: https://bertwagner.com/2017/09/05/how-to-safely-parameterize-table-names/ Follow me on Twitter: https://twitter.com/bertwagner Want to receive my latest weekly blog posts and videos in your inbox? Sign up for the newsletter here: https://upscri.be/c77fc8/
Views: 1383 Bert Wagner
Tutorial : Creating Parameterized Report in Oracle APEX 5.
 
13:12
This simple video shows how to create a parameterized report in Oracle APEX 5.
Views: 11365 Oracle Testlab
How to view parameters in an Oracle Database
 
01:06
Details how to use sqlplus either as "sysdba" or as a database user to query database parameters.
Views: 633 Michael Wilson
Tutorial 44 - IN , OUT & INOUT parameters
 
09:01
Learn about IN , OUT & INOUT parameters in PostgreSQL.
Views: 9501 Programming Guru
Dynamic Power BI reports using Parameters
 
12:21
In this video, Patrick shows you how you can use a parameter, within a Power BI report, to dynamically change the data in a report. This uses M Functions within Power Query and a second source that has the key values to pull. Then using a gateway to enable refresh. LET'S CONNECT! Guy in a Cube -- https://guyinacube.com -- http://twitter.com/guyinacube -- http://www.facebook.com/guyinacube -- Snapchat - guyinacube -- https://www.instagram.com/guyinacube/ ***Gear*** Check out my Tools page - https://guyinacube.com/tools/
Views: 93951 Guy in a Cube
Table valued parameters in SQL Server
 
06:46
table valued parameters example, send table variable to stored procedure, pass table variable as parameter to stored procedure, pass table variable to sql stored procedure
In this video we will discuss table valued parameters in SQL Server. Table Valued Parameter is a new feature introduced in SQL SERVER 2008. Table Valued Parameter allows a table (i.e. multiple rows of data) to be passed as a parameter to a stored procedure from T-SQL code or from an application. Prior to SQL SERVER 2008, it was not possible to pass a table variable as a parameter to a stored procedure. Let us understand how to pass multiple rows to a stored procedure using Table Valued Parameter with an example. We want to insert multiple rows into the following Employees table.
SQL Script to create the Employees table
    Create Table Employees
    (
        Id int primary key,
        Name nvarchar(50),
        Gender nvarchar(10)
    )
    Go
Step 1 : Create User-defined Table Type
    CREATE TYPE EmpTableType AS TABLE
    (
        Id INT PRIMARY KEY,
        Name NVARCHAR(50),
        Gender NVARCHAR(10)
    )
    Go
Step 2 : Use the User-defined Table Type as a parameter in the stored procedure. Table valued parameters must be passed as read-only to stored procedures, functions etc. This means you cannot perform DML operations like INSERT, UPDATE or DELETE on a table-valued parameter in the body of a function, stored procedure etc.
    CREATE PROCEDURE spInsertEmployees
    @EmpTableType EmpTableType READONLY
    AS
    BEGIN
        INSERT INTO Employees
        SELECT * FROM @EmpTableType
    END
Step 3 : Declare a table variable, insert the data and then pass the table variable as a parameter to the stored procedure.
    DECLARE @EmployeeTableType EmpTableType
    INSERT INTO @EmployeeTableType VALUES (1, 'Mark', 'Male')
    INSERT INTO @EmployeeTableType VALUES (2, 'Mary', 'Female')
    INSERT INTO @EmployeeTableType VALUES (3, 'John', 'Male')
    INSERT INTO @EmployeeTableType VALUES (4, 'Sara', 'Female')
    INSERT INTO @EmployeeTableType VALUES (5, 'Rob', 'Male')
    EXECUTE spInsertEmployees @EmployeeTableType
That's it. Now select the data from Employees table and notice that all the rows of the table variable are inserted into the Employees table. In our next video, we will discuss how to pass table as a parameter to the stored procedure from an ADO.NET application.
Text version of the video http://csharp-video-tutorials.blogspot.com/2015/09/table-valued-parameters-in-sql-server.html
Slides http://csharp-video-tutorials.blogspot.com/2015/09/table-valued-parameters-in-sql-server_17.html
All SQL Server Text Articles http://csharp-video-tutorials.blogspot.com/p/free-sql-server-video-tutorials-for.html
All SQL Server Slides http://csharp-video-tutorials.blogspot.com/p/sql-server.html
All Dot Net and SQL Server Tutorials in English https://www.youtube.com/user/kudvenkat/playlists?view=1&sort=dd
All Dot Net and SQL Server Tutorials in Arabic https://www.youtube.com/c/KudvenkatArabic/playlists
Views: 66605 kudvenkat
Call Stored Procedure with multiple parameters from Excel
 
05:16
Call Stored Procedure with multiple parameters or different parameter values from Excel SYNTAX: {CALL uspGetManagerEmployees (?)} My SQL Blog: https://sqlwithmanoj.com/ Check my SQL FB Page at: https://www.facebook.com/sqlwithmanoj
Views: 12277 SQL with Manoj
What is Mutation in oracle
 
09:22
After watching this video you can get clear understanding about Mutation error and how we can avoid mutation in program. Below is link for Useful Pl/SQL Books http://goo.gl/XMy0tt Watch More... What is Parameterized Cursor in Oracle https://www.youtube.com/watch?v=JMKwHlVi6-A What is autonomous transaction in Oracle. https://www.youtube.com/watch?v=gyvFajpfoWE What are Constraints available in Oracle. https://www.youtube.com/watch?v=WivhdLXQklQ What is Mutation Error and How to avoid mutation. https://www.youtube.com/watch?v=CbWNCyW18Bs 5 Effective way to delete Duplicate rows https://www.youtube.com/watch?v=1wtTtnc87Oc What is Difference between Delete and Truncate https://www.youtube.com/watch?v=7b6wQ3Qumgg
Views: 16407 Ram Gupta
Excel Magic Trick 1349: Power Query with Input Variables from Excel Sheet to Extract Records
 
18:02
Download File: http://people.highline.edu/mgirvin/excelisfun.htm See how to use Power Query (Get & Transform) with Input Variables from Excel Sheet to Extract Records and create a Revenue Report. Here are the steps: 1. (00:15) Introduction including Preview of Finished Solution and Preview of steps necessary to accomplish this goal. 2. (02:00) Import and transform Data Set, including removing Columns, Filter For Records and adding an extra Column to calculate Net Revenue using the Number.Round Power Query Function. 3. (06:38) Load Report to Sheet 4. (07:09) Import each Parameter/Criteria Table. 5. (07:36) Convert each Criteria Table to a single Text Item using the Record.Field Power Query Function. 6. (11:38) Declare and Insert Variables into M Code for Report 7. (14:10) Test Reporting System 8. (14:30) Create Recorded Macro To Refresh All and assign it to a Form button 9. (16:40) Test Macro and Reporting System 10. (17:25) Summary
Views: 79974 ExcelIsFun
Create Dynamic Query Parameters in Power BI Desktop  - Power BI Tips & Tricks #47
 
09:11
Create Dynamic Query Parameters, filter your reports with them and create a template using Power BI. Links mentioned in the video: Chris Webb blog: https://blog.crossjoin.co.uk/2016/08/30/data-driven-power-bi-desktop-parameters-using-list-queries/ Rio Summer Olympics Report: https://www.youtube.com/watch?v=tZXY9RZwd3U Download the sample report, #47 here: https://curbal.com/donwload-center SUBSCRIBE to learn more about Power and Excel BI! https://www.youtube.com/channel/UCJ7UhloHSA4wAqPzyi6TOkw?sub_confirmation=1 Our PLAYLISTS: - Join our DAX Fridays! Series: https://goo.gl/FtUWUX - Power BI dashboards for beginners: https://goo.gl/9YzyDP - Power BI Tips & Tricks: https://goo.gl/H6kUbP - Power Bi and Google Analytics: https://goo.gl/ZNsY8l ABOUT CURBAL: Website: http://www.curbal.com Contact us: http://www.curbal.com/contact ▼▼▼▼▼▼▼▼▼▼ If you feel that any of the videos, downloads, blog posts that I have created have been useful to you and you want to help me keep on going, here you can do a small donation to support my work and keep the channel running: https://curbal.com/product/sponsor-me Many thanks in advance! ▲▲▲▲▲▲▲▲▲▲ QUESTIONS? COMMENTS? SUGGESTIONS? You’ll find me here: ► Twitter: @curbalen, @ruthpozuelo ► Google +: https://goo.gl/rvIBDP ► Facebook: https://goo.gl/bME2sB #POWERBITIPS #CURBAL #POWERBI #MVP ► Linkedin: https://goo.gl/3VW6Ky
Views: 42781 Curbal
SQL Server Programming Part 2 - Stored Procedure Parameters
 
20:48
If you'd like to help fund Wise Owl's conversion of tea and biscuits into quality training videos you can click this link https://www.wiseowl.co.uk/donate?t=1 to make a donation. Thanks for watching! By Andrew Gould https://www.wiseowl.co.uk - Stored Procedures are extremely useful tools in SQL Server, and they become even more powerful when you use parameters to pass information to them. This video teaches you how to define a list of parameters for a stored procedure and how to call a parameterised procedure and pass information to it. You'll also learn how to create optional parameters with default values, how to handle NULLs passed to a procedure and, finally, how to use your procedure in other applications such as Reporting Services. You can read a written version of this tutorial here: https://www.wiseowl.co.uk/blog/s263/parameters.htm You can download the script to create the Movies database used in this video at the following link: https://www.wiseowl.co.uk/files/execise-question-files/qf-898.zip You can see the range of resources and courses we offer in SQL Server here: https://www.wiseowl.co.uk/sql/ Visit www.wiseowl.co.uk for more online training resources in Microsoft Excel, Microsoft Access, Microsoft PowerPoint, Microsoft Word, Microsoft Project, Microsoft Publisher, Microsoft Visio, SQL Server, Reporting Services, Analysis Services, Visual Studio, ASP.NET, VB.NET, C# and more!
Views: 169499 WiseOwlTutorials
Send datatable as parameter to stored procedure
 
09:27
how to pass datatable to stored procedure in c#.net, pass datatable to stored procedure in sql server 2008
In this video we will discuss how to send datatable as parameter to stored procedure. This is continuation to Part 99. Please watch Part 99 from SQL Server tutorial before proceeding. In Part 99, we discussed creating a stored procedure that accepts a table as a parameter. In this video we will discuss how to pass a datatable from a web application to the SQL Server stored procedure. Here is what we want to do.
1. Design a webform to insert 5 employees at a time into the database table.
2. When "Insert Employees" button is clicked, retrieve the form data into a datatable and then pass the datatable as a parameter to the stored procedure.
3. The stored procedure will then insert all the rows into the Employees table in the database.
WebForm1.aspx.cs code
    using System;
    using System.Configuration;
    using System.Data;
    using System.Data.SqlClient;

    namespace Demo
    {
        public partial class WebForm1 : System.Web.UI.Page
        {
            protected void Page_Load(object sender, EventArgs e) {}

            // Collect the five rows typed into the form into a DataTable
            private DataTable GetEmployeeData()
            {
                DataTable dt = new DataTable();
                dt.Columns.Add("Id");
                dt.Columns.Add("Name");
                dt.Columns.Add("Gender");

                dt.Rows.Add(txtId1.Text, txtName1.Text, txtGender1.Text);
                dt.Rows.Add(txtId2.Text, txtName2.Text, txtGender2.Text);
                dt.Rows.Add(txtId3.Text, txtName3.Text, txtGender3.Text);
                dt.Rows.Add(txtId4.Text, txtName4.Text, txtGender4.Text);
                dt.Rows.Add(txtId5.Text, txtName5.Text, txtGender5.Text);

                return dt;
            }

            // Pass the DataTable to the stored procedure as a table-valued parameter
            protected void btnInsert_Click(object sender, EventArgs e)
            {
                string cs = ConfigurationManager.ConnectionStrings["DBCS"].ConnectionString;
                using (SqlConnection con = new SqlConnection(cs))
                {
                    SqlCommand cmd = new SqlCommand("spInsertEmployees", con);
                    cmd.CommandType = CommandType.StoredProcedure;

                    SqlParameter paramTVP = new SqlParameter()
                    {
                        ParameterName = "@EmpTableType",
                        Value = GetEmployeeData()
                    };
                    cmd.Parameters.Add(paramTVP);

                    con.Open();
                    cmd.ExecuteNonQuery();
                    con.Close();
                }
            }

            protected void btnFillDummyData_Click(object sender, EventArgs e)
            {
                txtId1.Text = "1";
                txtId2.Text = "2";
                txtId3.Text = "3";
                txtId4.Text = "4";
                txtId5.Text = "5";

                txtName1.Text = "John";
                txtName2.Text = "Mike";
                txtName3.Text = "Sara";
                txtName4.Text = "Pam";
                txtName5.Text = "Todd";

                txtGender1.Text = "Male";
                txtGender2.Text = "Male";
                txtGender3.Text = "Female";
                txtGender4.Text = "Female";
                txtGender5.Text = "Male";
            }
        }
    }
Text version of the video http://csharp-video-tutorials.blogspot.com/2015/09/send-datatable-as-parameter-to-stored.html
Slides http://csharp-video-tutorials.blogspot.com/2015/09/send-datatable-as-parameter-to-stored_18.html
All SQL Server Text Articles http://csharp-video-tutorials.blogspot.com/p/free-sql-server-video-tutorials-for.html
All SQL Server Slides http://csharp-video-tutorials.blogspot.com/p/sql-server.html
All Dot Net and SQL Server Tutorials in English https://www.youtube.com/user/kudvenkat/playlists?view=1&sort=dd
All Dot Net and SQL Server Tutorials in Arabic https://www.youtube.com/c/KudvenkatArabic/playlists
Views: 57841 kudvenkat
Power BI - Show Parameters in Report
 
03:41
In this video, you will learn how to display your parameter values in your report. This might come in handy if you want to show what the user enters into your Power BI parameters. To enroll in my introductory Power BI course: https://www.udemy.com/learn-power-bi-fast/?couponCode=CHEAPEST
Views: 3174 BI Elite
Oracle ADF Application Development - Creating LOVs
 
13:08
In this video, I've discussed about the process of creating LOVs based on a parameter in the ADF Form. In this process, I've also discussed about view accessors and parameterized view objects
Views: 1449 Oracle Fusion Hub
Oracle APEX - Create Form and Reports in APEX 18.1
 
07:50
Form -------------------------------------- The easiest way to create a form is to use a wizard. For example, the Form on Table or View Wizard creates one item for each column in a table. It also includes the necessary buttons and processes required to insert, update, and delete rows from the table using a primary key. Each region has a defined name and display position; all other attributes are items, buttons, processes, and branches. Creating Reports ----------------------------------------- In Oracle Application Express, a report is the formatted result of a SQL query. You can generate reports by selecting and running a built-in query, or by defining a report region based on a SQL query. Thanks so much for watching this video If you are the first one in my channel Please subscribe to the channel If you have any comments on this video, then definitely give it in the comment box Facebook page Link: https://www.facebook.com/orclapexbd/ Blog Link: http://orclapexbd.blogspot.com/
Views: 7441 Oracle Apex
Stored procedures in sql server   Part 18
 
20:11
In this video we will learn 1. What is a stored procedure 2. Stored Procedure example 3. Creating a stored procedure with parameters 4. Altering SP 5. Viewing the text of the SP 6. Dropping the SP 7. Encrypting stored procedure Text version of the video http://csharp-video-tutorials.blogspot.com/2012/08/stored-procedures-part-18.html Slides http://csharp-video-tutorials.blogspot.com/2013/08/part-18-stored-procedures.html All SQL Server Text Articles http://csharp-video-tutorials.blogspot.com/p/free-sql-server-video-tutorials-for.html All SQL Server Slides http://csharp-video-tutorials.blogspot.com/p/sql-server.html All Dot Net and SQL Server Tutorials in English https://www.youtube.com/user/kudvenkat/playlists?view=1&sort=dd All Dot Net and SQL Server Tutorials in Arabic https://www.youtube.com/c/KudvenkatArabic/playlists
Views: 758504 kudvenkat
ADF - Passing Parameter Value between Pages
 
07:15
ADF - Passing Parameter Value between Pages
Views: 33619 ShayJDev
Oracle Jdeveloper12c ADF - 6) How to execute Vo with parameter
 
08:01
1) what is NVL() in Oracle? 2) How to make View Object 3) How to execute parameter through Programmatically. Visit my Blog for more information .. https://parasshahjdeveloper12c.blogspot.in/2016/06/8-how-to-make-vo-parameterise.html
Views: 866 Paras Shah
Dynamic sql table name variable
 
11:59
Text version of the video http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-table-name-variable.html
Slides http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-table-name-variable_20.html
All SQL Server Text Articles http://csharp-video-tutorials.blogspot.com/p/free-sql-server-video-tutorials-for.html
All SQL Server Slides http://csharp-video-tutorials.blogspot.com/p/sql-server.html
All SQL Server Tutorial Videos https://www.youtube.com/playlist?list=PL08903FB7ACA1C2FB
All Dot Net and SQL Server Tutorials in English https://www.youtube.com/user/kudvenkat/playlists?view=1&sort=dd
All Dot Net and SQL Server Tutorials in Arabic https://www.youtube.com/c/KudvenkatArabic/playlists
In this video we will discuss how to pass table name dynamically for stored procedure in sql server. This is one of the sql questions that is very commonly asked. I have a web page with a textbox. When I enter a table name in the textbox and when I click "Load Data" button, we want to retrieve data from that respective table and display it on the page.
Copy the SQL Script to create the tables from my blog using the link below http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-table-name-variable.html
Create the following stored procedure. Notice we are passing table name as a parameter to the stored procedure. In the body of the stored procedure we are concatenating strings to build our dynamic sql statement. In our previous videos we discussed that this opens doors for SQL injection.
    Create procedure spDynamicTableName
    @TableName nvarchar(100)
    As
    Begin
        Declare @sql nvarchar(max)
        Set @sql = 'Select * from ' + @TableName
        Execute sp_executesql @sql
    End
So the obvious question that comes to our mind is, why are we not creating parameterised sql statement instead. The answer is we can't. SQL Server does not allow table names and column names to be passed as parameters. Notice in the example below, we are creating a parameterised query with @TabName as a parameter. When we execute the following code, the procedure gets created successfully.
    Create procedure spDynamicTableName1
    @TableName nvarchar(100)
    As
    Begin
        Declare @sql nvarchar(max)
        Set @sql = 'Select * from @TabName'
        Execute sp_executesql @sql, N'@TabName nvarchar(100)', @TabName = @TableName
    End
But when we try to execute it we get an error - Must declare the table variable "@TabName"
    Execute spDynamicTableName1 N'Countries'
Add a Web Page to the project that we have been working with in our previous video. Name it "DynamicTableName.aspx". Copy and paste the HTML from my blog using the link below http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-table-name-variable.html
Copy and paste the code from my blog in the code-behind page http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-table-name-variable.html
At this point, run the application and type the following text in the "Table Name" textbox and click "Load Data" button. Notice "SalesDB" database is dropped. Our application is prone to SQL injection as we have implemented dynamic sql in our stored procedure by concatenating strings instead of using parameters.
    Employees; Drop database SalesDB
One way to prevent SQL injection in this case is by using SQL Server built-in function - QUOTENAME(). We will discuss QUOTENAME() function in detail in our next video. For now understand that by default, this function wraps the string that is passed to it in a pair of brackets.
    SELECT QUOTENAME('Employees') returns [Employees]
Modify the stored procedure to use QUOTENAME() function as shown below.
    Alter procedure spDynamicTableName
    @TableName nvarchar(100)
    As
    Begin
        Declare @sql nvarchar(max)
        Set @sql = 'Select * from ' + QUOTENAME(@TableName)
        Execute sp_executesql @sql
    End
At this point, type the following text in the "Table Name" textbox and click "Load Data" button. Notice you will see a message - Invalid object name 'Employees; Drop database SalesDB'. Also "SalesDB" database is not dropped.
    Employees; Drop database SalesDB
The entire text in "Table Name" textbox is wrapped in a pair of brackets by the QUOTENAME function and is treated as table name. Since we do have a table with the specified name, we get the error - Invalid object name.
Views: 26958 kudvenkat
PL/SQL tutorial 18: DDL Trigger with Schema Auditing Example
 
08:12
Learn how to create a DDL Trigger in Oracle Database with Schema Auditing Example where we will learn how to keep an eye on which object is created, altered or dropped and by whom. Manish Sharma From RebellionRider ------------------------------------------------------------------------ ►►►LINKS◄◄◄ Blog : http://bit.ly/DDL-Trigger Previous Tutorial ►PL/SQL Tut 14 Triggers Introduction https://youtu.be/R3fvX_xf5P4 ► PL/SQL Tut 17 Table Backup Using DML Trigger https://youtu.be/jSv1LIlNKU0 ------------------------------------------------------------------------- ►►►Let's Get Free Uber Cab◄◄◄ Use Referral Code UberRebellionRider and get $20 free for your first ride. ------------------------------------------------------------------------- ►Make sure you SUBSCRIBE and be the 1st one to see my videos! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ►►►Find me on Social Media◄◄◄ Follow What I am up to as it happens on https://twitter.com/rebellionrider https://www.facebook.com/imthebhardwaj http://instagram.com/rebellionrider https://plus.google.com/+Rebellionrider http://in.linkedin.com/in/mannbhardwaj/ http://rebellionrider.tumblr.com/ http://www.pinterest.com/rebellionrider/ You can also Email me at for E-mail address please check About section Please please LIKE and SHARE my videos it makes me happy. Thanks for liking, commenting, sharing and watching more of our videos This is Manish from RebellionRider.com ♥ I LOVE ALL MY VIEWERS AND SUBSCRIBERS
Views: 47382 Manish Sharma
PL/SQL tutorial 50: Introduction to PL/SQL Collections in Oracle Database By Manish Sharma
 
03:29
Introduction to PL/SQL Collections in Oracle Database BY Manish Sharma. an array in Oracle Database is called Collection learn more. ------------------------------------------------------------------------ ►►►LINKS◄◄◄ Blog : http://bit.ly/intro-to-collections Previous Tutorial ► ------------------------------------------------------------------------- ►Make sure you SUBSCRIBE and be the 1st one to see my videos! ------------------------------------------------------------------------- ►►►Find me on Social Media◄◄◄ Follow What I am up to as it happens on https://twitter.com/rebellionrider http://instagram.com/rebellionrider https://plus.google.com/+Rebellionrider http://in.linkedin.com/in/mannbhardwaj/ ___Facebook Official Page of Manish Sharma___ https://www.facebook.com/TheRebellionRider/ ___Facebook Official Page of RebellionRider.com___ https://www.facebook.com/RebellionRider.official/ You can also Email me at for E-mail address please check the About section Please please LIKE and SHARE my videos it makes me happy. Thanks for liking, commenting, sharing and watching more of our videos This is Manish from RebellionRider.com ♥ I LOVE ALL MY VIEWERS AND SUBSCRIBERS
Views: 25800 Manish Sharma
pl sql tutorial in hindi lec 18(2) explicit parameterized cursor with nested cursor and nested loop
 
22:13
http://www.bitsinfotec.in/ explicit cursor in pl-sql in hindi, oracle pl-sql tutorial, nested cursor in pl-sql, nested loop with cursor in pl-sql in hindi
Views: 196 JavaTreePoint
How to pass parameters from one form to another in Oracle forms.
 
12:37
This tutorial is about oracle forms parameter passing while calling it from another form. How to pass parameters from one form to another form in Oracle forms, passing and manipulating parameters dynamically from one form to another.
Views: 10975 Subhroneel Ganguly
Dynamic sql output parameter
 
05:25
Text version of the video http://csharp-video-tutorials.blogspot.com/2017/05/dynamic-sql-output-parameter.html
Slides http://csharp-video-tutorials.blogspot.com/2017/05/dynamic-sql-output-parameter_8.html
All SQL Server Text Articles http://csharp-video-tutorials.blogspot.com/p/free-sql-server-video-tutorials-for.html
All SQL Server Slides http://csharp-video-tutorials.blogspot.com/p/sql-server.html
All SQL Server Tutorial Videos https://www.youtube.com/playlist?list=PL08903FB7ACA1C2FB
All Dot Net and SQL Server Tutorials in English https://www.youtube.com/user/kudvenkat/playlists?view=1&sort=dd
All Dot Net and SQL Server Tutorials in Arabic https://www.youtube.com/c/KudvenkatArabic/playlists
In this video we will discuss how to use output parameters with dynamic sql. Let us understand this with an example.
SQL script to create Employees table
    Create table Employees
    (
        ID int primary key identity,
        FirstName nvarchar(50),
        LastName nvarchar(50),
        Gender nvarchar(50),
        Salary int
    )
    Go
    Insert into Employees values ('Mark', 'Hastings', 'Male', 60000)
    Insert into Employees values ('Steve', 'Pound', 'Male', 45000)
    Insert into Employees values ('Ben', 'Hoskins', 'Male', 70000)
    Insert into Employees values ('Philip', 'Hastings', 'Male', 45000)
    Insert into Employees values ('Mary', 'Lambeth', 'Female', 30000)
    Insert into Employees values ('Valarie', 'Vikings', 'Female', 35000)
    Insert into Employees values ('John', 'Stanmore', 'Male', 80000)
    Go
We want to write a dynamic sql statement that returns total number of male or female employees. If the gender value is specified as "Male", then the query should return total male employees. Along the same lines, if the value for gender is "Female", then we should get total number of female employees. The following dynamic sql will give us what we want. In this case, the query returns total number of "Male" employees. If you want the total number of female employees, simply set @gender='Female'.
    Declare @sql nvarchar(max)
    Declare @gender nvarchar(10)
    Set @gender = 'Male'
    Set @sql = 'Select Count(*) from Employees where Gender=@gender'
    Execute sp_executesql @sql, N'@gender nvarchar(10)', @gender
At the moment we are not using output parameters. If you want the count of employees to be returned using an OUTPUT parameter, then we have to do a slight modification to the query as shown below. The key here is to use the OUTPUT keyword in your dynamic sql. This is very similar to using OUTPUT parameters with a stored procedure.
    Declare @sql nvarchar(max)
    Declare @gender nvarchar(10)
    Declare @count int
    Set @gender = 'Male'
    Set @sql = 'Select @count = Count(*) from Employees where Gender=@gender'
    Execute sp_executesql @sql, N'@gender nvarchar(10), @count int OUTPUT', @gender, @count OUTPUT
    Select @count
The OUTPUT parameter returns NULL if you forget to use OUTPUT keyword. The following query returns NULL, as we removed the OUTPUT keyword from @count parameter
    Declare @sql nvarchar(max)
    Declare @gender nvarchar(10)
    Declare @count int
    Set @gender = 'Male'
    Set @sql = 'Select @count = Count(*) from Employees where Gender=@gender'
    Execute sp_executesql @sql, N'@gender nvarchar(10), @count int OUTPUT', @gender, @count
    Select @count
Views: 16682 kudvenkat
Prevent sql injection with dynamic sql
 
10:28
Text version of the video http://csharp-video-tutorials.blogspot.com/2017/04/prevent-sql-injection-with-dynamic-sql.html
Slides http://csharp-video-tutorials.blogspot.com/2017/04/prevent-sql-injection-with-dynamic-sql_5.html

In this video we will discuss how to prevent SQL injection when using dynamic SQL.

In Part 140, we implemented a "Search Page" using dynamic SQL. Since we have used parameters to build our dynamic SQL statements, it is not prone to SQL injection attack. This is an example of a good dynamic SQL implementation.

I have seen a lot of software developers, not just beginners but even experienced developers, building their dynamic SQL queries by concatenating strings instead of using parameters, without realizing that they are opening the doors for SQL injection.

Please check my blog at the following link for the code used in the demo.
http://csharp-video-tutorials.blogspot.com/2017/04/prevent-sql-injection-with-dynamic-sql.html

Since we are concatenating the user input values to build the dynamic SQL statement, the end user can very easily inject SQL. Imagine what happens, for example, if the user enters the following in the "Firstname" textbox.

    ' Drop database SalesDB --

With the above SQL injected into the "Firstname" textbox, if you click the "Search" button, the following is the query which is sent to SQL Server. This will drop the SalesDB.

    Select * from Employees where 1 = 1 AND FirstName = '' Drop database SalesDB --'

On the other hand, if you use parameters to build your dynamic SQL statements, SQL injection is not an issue. The following input in the "Firstname" textbox would not drop the SalesDB database.

    ' Drop database SalesDB --

The text the user has provided in the "Firstname" textbox is treated as the value for the @FirstName parameter. The following is the query that is generated and executed.

    exec sp_executesql N'Select * from Employees where 1 = 1 AND FirstName=@FirstName',N'@FirstName nvarchar(26)',@FirstName=N''' Drop database SalesDB --'

We don't have this problem of SQL injection if we are using stored procedures. "SearchPageWithoutDynamicSQL.aspx" is using the stored procedure "spSearchEmployees" instead of dynamic SQL. The same input in the "Firstname" textbox on this page would generate the following. Notice, whatever text we typed in the "Firstname" textbox is treated as the value for the @FirstName parameter.

    exec spSearchEmployees @FirstName=N''' Drop database SalesDB --'

An important point to keep in mind here is that if you have dynamic SQL in your stored procedure, and you are concatenating strings in that stored procedure to build your dynamic SQL statements instead of using parameters, it is still prone to SQL injection. If this is not clear at the moment don't worry, we will discuss an example of this in our next video.

So in summary, while dynamic SQL provides great flexibility when implementing complicated logic with a lot of permutations and combinations, if not properly implemented it may open doors for SQL injection. Always use parameters to build dynamic SQL statements, instead of concatenating user input values.

Another benefit of using parameters to build dynamic SQL statements is that it allows cached query plans to be reused, which greatly increases the performance. We will discuss an example of this in our upcoming videos.
Views: 21033 kudvenkat
Difference Between Case and Decode
 
06:03
What is the difference between CASE and DECODE?

Important links for Oracle Developers
SQL - PL/SQL Interview Questions Answers Facebook group https://www.facebook.com/groups/146487615764170/
Download Free PLSQL Interview Books, Documents, Videos from here https://www.facebook.com/groups/146487615764170/files/
Free SQL / PLSQL Video on YouTube Channel SUBSCRIBE https://www.youtube.com/c/ramguptaoracle?sub_confirmation=1
Visit oracle forms / report / SQL PLSQL blog http://oracletemple.blogspot.in/
Oracle Community Google+ https://plus.google.com/u/0/collection/4mW-jB
Follow us on Twitter https://twitter.com/Rameshwar275

ORACLE SQL PLSQL VIDEO LINKS
What is Parameterized Cursor in Oracle https://www.youtube.com/watch?v=JMKwHlVi6-A
What is autonomous transaction in Oracle. https://www.youtube.com/watch?v=gyvFajpfoWE
What are Constraints available in Oracle. https://www.youtube.com/watch?v=WivhdLXQklQ
What is Mutation Error and How to avoid mutation. https://www.youtube.com/watch?v=CbWNCyW18Bs
5 Effective way to delete Duplicate rows https://www.youtube.com/watch?v=1wtTtnc87Oc
What is Difference between Delete and Truncate https://www.youtube.com/watch?v=7b6wQ3Qumgg
What are types of View available in Oracle https://www.youtube.com/edit?o=U&video_id=PN-NsSA2R-E
Views: 4119 Ram Gupta
Enhancing Tableau Data Queries
 
01:02:26
Speaker- Alex Lokhov, Alex Eskinasy Check out the various techniques for optimising live connections in Tableau. We will tackle techniques to optimise query performance from the Tableau side as well as the database side. Expect a recap of general performance tips in Tableau, an understanding of what happens under the covers (i.e. order of execution in Tableau, performance recording and implementation plan in a database), and a review of joins vs. blends vs. cross-database joins, performance implications, resulting queries, and more.
Views: 4219 Tableau Software
What is Autonomous transaction in Oracle
 
05:05
What is Autonomous transaction in Oracle. This is a very frequently asked question in interviews. Hello friend, in this video you can learn how to answer questions about autonomous transactions.

Autonomous transactions are available from Oracle 8i. It is a very cool, useful, unique and powerful feature in Oracle. An autonomous transaction is an independent transaction that is initiated by another transaction. It must contain at least one Structured Query Language (SQL) statement. When an autonomous transaction is called, the original transaction (calling transaction) is temporarily suspended. The autonomous transaction must commit or roll back before it returns control to the calling transaction. Once changes have been made by an autonomous transaction, those changes are visible to other transactions in the database. Autonomous transactions can be nested. To use the autonomous transactions feature in a program we have to use the PRAGMA AUTONOMOUS_TRANSACTION keyword in the program.

When to use Autonomous Transactions?
• Logging mechanism: you need to log an error to your database log table. On the other hand, you need to roll back your core transaction because of the error. And you don't want to roll back over other log entries.
• Commits and rollbacks in your database triggers: if you define a trigger as an autonomous transaction, then you can commit and/or roll back in that code.
• Software usage meter: you want to keep track of how often a program is called during an application session. This information is not dependent on, and cannot affect, the transaction being processed in the application.

Mutation Error
Using an autonomous transaction we can avoid the mutation error.

For more videos you can use the link below. https://www.youtube.com/user/rameshwargupta1/videos
Views: 14616 Ram Gupta
How to Delete the Duplicate Records in oracle
 
03:44
http://oracletemple.blogspot.in/
How to delete duplicate records. How to delete duplicate rows?

Tips: Always take extra caution while deleting records.
1. First identify the duplicates using select.
2. Double verify whether those are actual 'duplicates' or not.
3. Take backup if necessary.
4. Apply commit only if you are sure.
Views: 23483 Ram Gupta
part30 parameterreport
 
05:24
This video content is available in OERCOMMONS.ORG https://www.oercommons.org/authoring/21895-database-application-using-oracle-form-builder/view parameter report, dynamic report, run time query report
Views: 1715 Dr. Girija Narasimhan
Oracle ||  Diff between sql and pl/sql by Siva
 
08:20
DURGASOFT is INDIA's No.1 Software Training Center offers online training on various technologies like JAVA, .NET , ANDROID,HADOOP,TESTING TOOLS , ADF, INFORMATICA,TABLEAU,IPHONE,OBIEE,ANJULAR JS, SAP... courses from Hyderabad & Bangalore -India with Real Time Experts. Mail us your requirements to [email protected] so that our Supporting Team will arrange Demo Sessions. Ph:Call +91-8885252627,+91-7207212428,+91-7207212427,+91-8096969696. http://durgasoft.com http://durgasoftonlinetraining.com https://www.facebook.com/durgasoftware http://durgajobs.com https://www.facebook.com/durgajobsinfo............
Dynamic SQL in SQL Server
 
12:12
Text version of the video http://csharp-video-tutorials.blogspot.com/2017/03/dynamic-sql-in-sql-server.html
Slides http://csharp-video-tutorials.blogspot.com/2017/03/dynamic-sql-in-sql-server_27.html

In this video we will discuss
1. What is Dynamic SQL
2. Simple example of using Dynamic SQL

What is Dynamic SQL
Dynamic SQL is SQL built from strings at runtime.

Simple example of using Dynamic SQL
Here is the SQL script to create the Employees table and populate it with data

    Create table Employees
    (
        ID int primary key identity,
        FirstName nvarchar(50),
        LastName nvarchar(50),
        Gender nvarchar(50),
        Salary int
    )
    Go

    Insert into Employees values ('Mark', 'Hastings', 'Male', 60000)
    Insert into Employees values ('Steve', 'Pound', 'Male', 45000)
    Insert into Employees values ('Ben', 'Hoskins', 'Male', 70000)
    Insert into Employees values ('Philip', 'Hastings', 'Male', 45000)
    Insert into Employees values ('Mary', 'Lambeth', 'Female', 30000)
    Insert into Employees values ('Valarie', 'Vikings', 'Female', 35000)
    Insert into Employees values ('John', 'Stanmore', 'Male', 80000)
    Go

One way to achieve this is by implementing a stored procedure as shown below that this page would call.

    Create Procedure spSearchEmployees
    @FirstName nvarchar(100),
    @LastName nvarchar(100),
    @Gender nvarchar(50),
    @Salary int
    As
    Begin
        -- A NULL parameter means "do not filter on this column"
        Select * from Employees where
        (FirstName = @FirstName OR @FirstName IS NULL) AND
        (LastName = @LastName OR @LastName IS NULL) AND
        (Gender = @Gender OR @Gender IS NULL) AND
        (Salary = @Salary OR @Salary IS NULL)
    End
    Go

The stored procedure in this case is not very complicated as we have only 4 search filters. What if there are 20 or more such filters? This stored procedure can get complex. To make things worse, what if we want to specify conditions like AND, OR etc. between these search filters? The stored procedure can get extremely large, complicated and difficult to maintain. One way to reduce the complexity is by using dynamic SQL as shown below. Depending on which search filters the user has provided values for on the "Search Page", we build the WHERE clause dynamically at runtime, which can reduce complexity.

However, you might hear arguments that dynamic SQL is bad both in terms of security and performance. This is true if the dynamic SQL is not properly implemented. From a security standpoint, it may open doors for SQL injection attack, and from a performance standpoint, the cached query plans may not be reused. If properly implemented, we will not have these problems with dynamic SQL. In our upcoming videos, we will discuss good and bad dynamic SQL implementations.

For now let's implement a simple example that makes use of dynamic SQL. In the example below we are assuming the user has supplied values only for the FirstName and LastName search fields. To execute the dynamic SQL we are using the system stored procedure sp_executesql.

sp_executesql takes two pre-defined parameters and any number of user-defined parameters.
@statement - This is the first parameter, which is mandatory, and contains the SQL statements to execute
@params - This is the second parameter and is optional. This is used to declare parameters specified in @statement
The rest of the parameters are the parameters that you declared in @params, and you pass them as you pass parameters to a stored procedure

    Declare @sql nvarchar(1000)
    Declare @params nvarchar(1000)

    -- The statement text contains only parameter placeholders, never user values
    Set @sql = 'Select * from Employees where FirstName=@FirstName and LastName=@LastName'
    Set @params = '@FirstName nvarchar(100), @LastName nvarchar(100)'

    Execute sp_executesql @sql, @params, @FirstName='Ben',@LastName='Hoskins'

This is just the introduction to dynamic SQL. If a few things are unclear at the moment, don't worry. In our upcoming videos we will discuss the following
1. Implementing a real world "Search Web Page" with and without dynamic SQL
2. Performance and security implications of dynamic SQL. Along the way we will also discuss good and bad dynamic SQL implementations.
3. Different options available for executing dynamic SQL and their implications
4. Using dynamic SQL in stored procedures and its implications

Once we discuss all the above, you will understand
1. The flexibility dynamic SQL provides
2. Advantages and disadvantages of dynamic SQL
3. When and when not to use dynamic SQL
Views: 43611 kudvenkat
Dynamic SQL in Stored Procedure
 
09:32
In this video we will discuss using dynamic SQL in a stored procedure and its implications from a SQL injection perspective. We will discuss performance implications of using dynamic SQL in a stored procedure in a later video.

Text version of the video http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-in-stored-procedure.html
Slides http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-in-stored-procedure_11.html

Consider the following stored procedure "spSearchEmployees". We implemented this procedure in Part 139 of the SQL Server tutorial. This stored procedure does not have any dynamic SQL in it. It is all static SQL and is immune to SQL injection.

    Create Procedure spSearchEmployees
    @FirstName nvarchar(100) = NULL,
    @LastName nvarchar(100) = NULL,
    @Gender nvarchar(50) = NULL,
    @Salary int = NULL
    As
    Begin
        Select * from Employees where
        (FirstName = @FirstName OR @FirstName IS NULL) AND
        (LastName = @LastName OR @LastName IS NULL) AND
        (Gender = @Gender OR @Gender IS NULL) AND
        (Salary = @Salary OR @Salary IS NULL)
    End
    Go

Whether you are creating your dynamic SQL queries in a client application like an ASP.NET web application or in a stored procedure, you should never ever concatenate user input values. Instead you should be using parameters.

Notice in the following example, we are creating dynamic SQL queries by concatenating parameter values, instead of using parameterized queries. This stored procedure is prone to SQL injection. Let's prove this by creating a "Search Page" that calls this procedure.

    Create Procedure spSearchEmployeesBadDynamicSQL
    @FirstName nvarchar(100) = NULL,
    @LastName nvarchar(100) = NULL,
    @Gender nvarchar(50) = NULL,
    @Salary int = NULL
    As
    Begin
        Declare @sql nvarchar(max)

        -- Vulnerable on purpose: parameter values are concatenated into the statement text
        Set @sql = 'Select * from Employees where 1 = 1'

        if(@FirstName is not null)
            Set @sql = @sql + ' and FirstName=''' + @FirstName + ''''
        if(@LastName is not null)
            Set @sql = @sql + ' and LastName=''' + @LastName + ''''
        if(@Gender is not null)
            Set @sql = @sql + ' and Gender=''' + @Gender + ''''
        -- @Salary is an int; without the cast the + operator raises a conversion error
        if(@Salary is not null)
            Set @sql = @sql + ' and Salary=''' + Cast(@Salary as nvarchar(20)) + ''''

        Execute sp_executesql @sql
    End
    Go

Add a Web Page to the project that we have been working with in our previous video. Name it "DynamicSQLInStoredProcedure.aspx". Copy and paste the HTML and code available on my blog at the following link
http://csharp-video-tutorials.blogspot.com/2017/04/dynamic-sql-in-stored-procedure.html

At this point, run the application and type the following text in the "Firstname" textbox and click the "Search" button. Notice the "SalesDB" database is dropped. Our application is prone to SQL injection as we have implemented dynamic SQL in our stored procedure by concatenating strings instead of using parameters.

    ' Drop database SalesDB --

In the following stored procedure we have implemented dynamic SQL by using parameters, so this is not prone to SQL injection. This is an example of a good dynamic SQL implementation.

    Create Procedure spSearchEmployeesGoodDynamicSQL
    @FirstName nvarchar(100) = NULL,
    @LastName nvarchar(100) = NULL,
    @Gender nvarchar(50) = NULL,
    @Salary int = NULL
    As
    Begin
        Declare @sql nvarchar(max)
        Declare @sqlParams nvarchar(max)

        -- Only parameter placeholders are appended; the values travel separately
        Set @sql = 'Select * from Employees where 1 = 1'

        if(@FirstName is not null)
            Set @sql = @sql + ' and FirstName=@FN'
        if(@LastName is not null)
            Set @sql = @sql + ' and LastName=@LN'
        if(@Gender is not null)
            Set @sql = @sql + ' and Gender=@Gen'
        if(@Salary is not null)
            Set @sql = @sql + ' and Salary=@Sal'

        Execute sp_executesql @sql,
        N'@FN nvarchar(50), @LN nvarchar(50), @Gen nvarchar(50), @sal int',
        @FN=@FirstName, @LN=@LastName, @Gen=@Gender, @Sal=@Salary
    End
    Go

On the code-behind page, use stored procedure spSearchEmployeesGoodDynamicSQL instead of spSearchEmployeesBadDynamicSQL. We do not have to change any other code. At this point run the application one more time and type the following text in the "Firstname" textbox and click the "Search" button.

    ' Drop database SalesDB --

Notice the "SalesDB" database is not dropped, so in this case our application is not susceptible to SQL injection attack.

Summary: Whether you are creating dynamic SQL in a client application (like a web application) or in a stored procedure, always use parameters instead of concatenating strings. Using parameters to create dynamic SQL statements prevents SQL injection.
Views: 34881 kudvenkat
Passing parameter to Bounded Task Flow Oracle ADF JDeveloper 11g 11.1.1.6
 
09:09
This video is a short (~9 min) video on how to pass values from a JSFF (page fragment) page to a bounded task flow using "input parameter" bound to the Task Flow - In the process, it also shows how to create an Application and setup a basic task flow and calling another task flow and then running as JSPX page. it uses Oracle ADF JDeveloper 11g v11.1.1.6
Views: 12305 Joel Thompson
WAS: Logs and Traces - Part 4 - View DB2 SQL statements in Parameterized Queries
 
07:13
This IBM Counter Fraud Management (ICFM) technical support video explains WAS Logs and Traces: View full DB2 SQL statements in Parameterized Queries
Oracle Hyperion HFM Introduction | HFM Holistic View
 
01:02:05
For complete professional training visit at: http://www.bisptrainings.com/course/HFM-and-FCCS Follow us on Facebook: https://www.facebook.com/bisptrainings/ Follow us on Twitter: https://twitter.com/bisptrainings Email: [email protected] Call us: +91 975-275-3753 or +1 386-279-6856
Views: 1892 Amit Sharma
Spring2016 - Create Parameter Based Report in APEX
 
09:59
!!PLEASE SWITCH PLAYBACK to 1080P!! - https://support.google.com/youtube/answer/91449?hl=en How to create a parameter based report using bind variables and page items in Oracle APEX
Mastering Oracle APEX Messages - Lesson 3
 
11:18
Learn how to create prepared PL/SQL messages for your APEX application. See http://www.skillbuilders.com/how-to-oracle-apex-messages to view all lessons, free.
Views: 680 SkillBuilders
Oracle APEX -  Design Card Reports on Oracle APEX
 
09:16
Developer:MD.Abdullah Al Mamun contact -01827712531
Views: 8939 Oracle Apex
lec 18(1) explicit parameterized cursor in hindi (with nested loop and with nested cursor)
 
16:12
http://www.bitsinfotec.in/ nested cursor with nested loop in pl sql in hindi,pl sql cursor in hindi
Views: 271 JavaTreePoint
Tableau: Custom  SQL
 
07:38
Custom SQL enables the user to prepare charts based on data retrieved through SQL queries. Instead of running the program on the entire table, we are going to create charts with the data selected through custom SQL.
Views: 20302 Pavan Kumar