API tools faq
paste
Advertisement
Guest User

Example That Bind Fails On Drop Table

a guest
Jul 21st, 2014
339
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
SQL 0.65 KB | None | 0 0
raw download clone embed print report
  1. CREATE OR REPLACE FUNCTION text_example (droptablBadWay varchar2) RETURN varchar2 AS
  2. BEGIN
  3.   --EXECUTE IMMEDIATE 'DROP TABLE '||droptablBadWay;--This leads to sql injection
  4.    EXECUTE IMMEDIATE 'DROP TABLE :example_tbl' USING droptablBadWay;
  5. EXCEPTION
  6.   WHEN OTHERS THEN
  7.     IF SQLCODE = -942 THEN
  8.       DBMS_OUTPUT.put_line('the table did not exist!');
  9.     ELSE
  10.       RAISE;
  11.     END IF;
  12. END;
  13. /
  14.  
  15. CREATE TABLE test_example_tbl
  16. (
  17.   oneCol varchar2(255)
  18. );
  19.  
  20. SELECT * FROM test_example_tbl;
  21.  
  22. SELECT text_example('test_example_tbl') FROM dual;
  23. SELECT * FROM text_example;
  24.  
  25. --clean up
  26. DROP FUNCTION text_example;
  27. DROP TABLE test_example_tbl;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!