- Prefix all calls to DBMS_ASSERT with the SYS schema name.
- Escape single quotes when you use the ENQUOTE_LITERAL procedure.
- Define and raise exceptions explicitly to handle DBMS_ASSERT exceptions.
- Verify qualified SQL names.
- Verify an existing schema name.
- Enclose string literals within double quotation marks.
Monday, January 06, 2014
Actions can be performed by using the DBMS_ASSERT package to prevent SQL injection
Subscribe to:
Post Comments (Atom)