Example 7-2, "Dynamic SQL Procedure that Accepts Table Name and WHERE Clause". Example 7-4, "Dynamic SQL with BULK COLLECT INTO Clause". Example 7-5, "Dynamic SQL with RETURNING BULK COLLECT INTO Clause". Specifies a list of input and/or output bind arguments. The parameter mode defaults to IN. Usage Notes Except for multi-row queries, the dynamic string can contain any SQL statement (without the final semicolon) or any PL/SQL block (with the final semicolon). The default parameter mode is IN. For DML statements that have a RETURNING clause, you can place OUT arguments in the RETURNING INTO clause without specifying the parameter mode, which, by definition, is OUT.
Oracle Database Application Developer's Guide - Fundamentals. You can also search for "SQL injection" on the Oracle Technology Network at m/technology/ Examples For examples, see the following: Example 7-1, "Examples of Dynamic SQL".
Connecting to a DBMS Using the SQL Procedure Pass-Through Facility in. ORACLE or DB2). dbms-SQL-statement. This alias directs the EXECUTE statements to a.