This is the PL/SQL code. I want to DBMS output the complete query as it is executed since it fails.

vSql := 'SELECT :p_nomeCampo FROM :vTable WHERE :vPkColumn = :p_id';
EXECUTE IMMEDIATE vSql INTO vOutput USING p_nomeCampo, vTable, vPkColumn, p_id;

1 Answer

Not directly answering the question, but it's probably failing because you can only bind variable values, not object names; so only :p_id is valid here. The best you can probably do is:

vSql := 'SELECT ' || p_nomeCampo || ' FROM ' || vTable
    || ' WHERE ' || vPkColumn || ' = :p_id';

Of course you need to be sure the values you have for p_nomeCampo, vTable and vPkColumn aren't susceptible to SQL injection.

It helps to show the error you're getting, though again in this case that's not directly the point of the question...

3 Comments

p_nomeCampo, vTable and vPkColumn aren't susceptible to SQL injection only if all values are coming from the software itself and not from the user interface.
Yes, they are coming from the previous query. There is no user interface.
I had to read the answer many times before understanding that you mean object names in the query!
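
An added example, not part of the original answer or comments: the concatenated form from the answer with each object name passed through Oracle's DBMS_ASSERT before it is spliced in, `:p_id` kept as the only bind, and the finished statement printed with DBMS_OUTPUT before it runs. The names EMPLOYEES, LAST_NAME, EMPLOYEE_ID and the id 100 are constructed sample values.

```sql
SET SERVEROUTPUT ON

DECLARE
  -- Constructed sample inputs; in the question these come from a previous query.
  p_nomeCampo VARCHAR2(128) := 'LAST_NAME';
  vTable      VARCHAR2(128) := 'EMPLOYEES';
  vPkColumn   VARCHAR2(128) := 'EMPLOYEE_ID';
  p_id        NUMBER        := 100;
  vSql        VARCHAR2(4000);
  vOutput     VARCHAR2(4000);
BEGIN
  -- Object names cannot be bound, so they are concatenated only after
  -- DBMS_ASSERT has accepted them:
  --   SIMPLE_SQL_NAME raises ORA-44003 unless the string is a single identifier;
  --   SQL_OBJECT_NAME raises ORA-44002 unless the name resolves to an existing object.
  vSql := 'SELECT ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_nomeCampo)
       || ' FROM '  || DBMS_ASSERT.SQL_OBJECT_NAME(vTable)
       || ' WHERE ' || DBMS_ASSERT.SIMPLE_SQL_NAME(vPkColumn)
       || ' = :p_id';

  -- Print the exact statement and bind value before executing,
  -- so they are visible even when EXECUTE IMMEDIATE fails.
  DBMS_OUTPUT.PUT_LINE('SQL : ' || vSql);
  DBMS_OUTPUT.PUT_LINE('bind: p_id = ' || p_id);

  -- The value is still passed as a bind variable, never concatenated.
  EXECUTE IMMEDIATE vSql INTO vOutput USING p_id;
  DBMS_OUTPUT.PUT_LINE('out : ' || vOutput);
EXCEPTION
  WHEN OTHERS THEN
    -- Covers a rejected identifier, NO_DATA_FOUND and parse errors alike;
    -- vSql is empty here if DBMS_ASSERT rejected a name before it was built.
    DBMS_OUTPUT.PUT_LINE('failed: ' || SQLERRM);
    DBMS_OUTPUT.PUT_LINE('SQL   : ' || vSql);
    RAISE;
END;
/
```

SIMPLE_SQL_NAME checks only that the string has the form of an identifier; if callers should reach only certain tables or columns, compare the names against an allow-list as well.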
