PL/SQL in Oracle 12c. Arup Nanda Longtime Oracle DBA



Similar documents
VARRAY AND NESTED TABLE

Oracle PL/SQL Injection

NEW AND IMPROVED: HACKING ORACLE FROM WEB. Sumit sid Siddharth 7Safe Limited UK

Handling PL/SQL Errors

Oracle For Beginners Page : 1

Making the Most of Oracle PL/SQL Error Management Features

Review your answers, feedback, and question scores below. An asterisk (*) indicates a correct answer.

Hacking and Protecting Oracle DB. Slavik Markovich CTO, Sentrigo

Training Guide. PL/SQL for Beginners. Workbook

Review your answers, feedback, and question scores below. An asterisk (*) indicates a correct answer.

OPP ODTUG Kaleidoscope. An ODTUG SP* Oracle PL/SQL Programming Conference. WOW-Wide Open World, Wide Open Web!

Advanced SQL Injection in Oracle databases. Esteban Martínez Fayó

Handling Exceptions. Copyright 2008, Oracle. All rights reserved.


Handling Exceptions. Schedule: Timing Topic 45 minutes Lecture 20 minutes Practice 65 minutes Total

Error Management in Oracle PL/SQL

Oracle Database: Program with PL/SQL

Oracle Database: Program with PL/SQL

Creating PL/SQL Blocks. Copyright 2007, Oracle. All rights reserved.

Handling Exceptions. Copyright 2006, Oracle. All rights reserved. Oracle Database 10g: PL/SQL Fundamentals 8-1

Handling Exceptions. Schedule: Timing Topic. 45 minutes Lecture 20 minutes Practice 65 minutes Total

Oracle Database: Program with PL/SQL

Oracle PL/SQL Best Practices

Writing Control Structures

The Sins of SQL Programming that send the DB to Upgrade Purgatory Abel Macias. 1 Copyright 2011, Oracle and/or its affiliates. All rights reserved.

Oracle 12c New Features For Developers

14 Triggers / Embedded SQL

Oracle For Beginners Page : 1

Oracle Database: Develop PL/SQL Program Units

ORACLE 9I / 10G / 11G / PL/SQL COURSE CONTENT

SQL Tuning Without Trying

Oracle Database 11g: Advanced PL/SQL

Oracle PL/SQL Language. CIS 331: Introduction to Database Systems

PROCEDURES, FUNCTIONS AND PACKAGES

Oracle 11g PL/SQL training

Oracle Database: Program with PL/SQL

PL/SQL Overview. Basic Structure and Syntax of PL/SQL

Handling PL/SQL Errors

Best Practices for Dynamic SQL

Virtual Private Database Features in Oracle 10g.

Oracle Internal & Oracle Academy

Oracle Database: Program with PL/SQL

Oracle Database 11g: Program with PL/SQL

Oracle Database 12c: SQL Tuning for Developers. Sobre o curso. Destinatários. Oracle - Linguagens. Nível: Avançado Duração: 18h

1 Stored Procedures in PL/SQL 2 PL/SQL. 2.1 Variables. 2.2 PL/SQL Program Blocks

PL/SQL Programming Workbook

Procedural Extension to SQL using Triggers. SS Chung

Developing SQL and PL/SQL with JDeveloper

Oracle Database 11g Express Edition PL/SQL and Database Administration Concepts -II

Oracle For Beginners Page : 1

Topics Advanced PL/SQL, Integration with PROIV SuperLayer and use within Glovia

Programming Database lectures for mathema

COMS20700 DATABASES 13 PL/SQL. COMS20700 Databases Dr. Essam Ghadafi

DECLARATION SECTION. BODY STATEMENTS... Required

Database programming 20/08/2015. DBprog news. Outline. Motivation for DB programming. Using SQL queries in a program. Using SQL queries in a program

6b Continuing Past Exceptions

2. DECODE Function, CASE Expression

d)execute and test the PL/SQL block for the countries with the IDs CA, DE, UK, US.

What is the value of SQL%ISOPEN immediately after the SELECT statement is executed? Error. That attribute does not apply for implicit cursors.

PL / SQL Basics. Chapter 3

SQL Injection in web applications

CSC 443 Database Management Systems. The SQL Programming Language

Oracle Insurance Policy Administration

Using TimesTen between your Application and Oracle. between your Application and Oracle. DOAG Conference 2011

1 Triggers. 2 PL/SQL Triggers

Database Programming with PL/SQL: Learning Objectives

When an exception occur a message which explains its cause is received. PL/SQL Exception message consists of three parts.

Oracle Database 10g: Program with PL/SQL

Oracle Database: SQL and PL/SQL Fundamentals

Using SQL Developer. Copyright 2008, Oracle. All rights reserved.

ODTUG - SQL Injection Crash Course for Oracle Developers

In This Lecture. Security and Integrity. Database Security. DBMS Security Support. Privileges in SQL. Permissions and Privilege.

Exadata for Oracle DBAs. Longtime Oracle DBA

Overview of PL/SQL. About PL/SQL

Oracle Database: SQL and PL/SQL Fundamentals

9 Using Triggers. Using Triggers 9-1

Exploiting PL/SQL Injection on Oracle 12c. with only. CREATE SESSION privileges

3.GETTING STARTED WITH ORACLE8i

ORACLE 10g Job Scheduler

Real Life Database Security Mistakes. Stephen Kost Integrigy Corporation Session #715

2. Which of the following declarations is invalid? Mark for Review (1) Points

Course -Oracle 10g SQL (Exam Code IZ0-047) Session number Module Topics 1 Retrieving Data Using the SQL SELECT Statement

PL/SQL Developer 7.1 User s Guide. March 2007

Chapter 8: Introduction to PL/SQL 1

Oracle Database: SQL and PL/SQL Fundamentals NEW

Introduction to SQL Tuning. 1. Introduction to SQL Tuning SkillBuilders, Inc. SKILLBUILDERS

Objectives. Oracle SQL and SQL*PLus. Database Objects. What is a Sequence?

Guide to SQL Programming: SQL:1999 and Oracle Rdb V7.1

Answers to the Try It Yourself Sections

PL/SQL Programming Concepts: Review. Copyright 2004, Oracle. All rights reserved.

Oracle Data Miner (Extension of SQL Developer 4.0)

SQL Activity Runaway sessions Session information. SQL Activity Concurrent Request runaways. Database sessions Concurrent Requests

D61830GC30. MySQL for Developers. Summary. Introduction. Prerequisites. At Course completion After completing this course, students will be able to:

An Oracle White Paper June RESTful Web Services for the Oracle Database Cloud - Multitenant Edition

Introduction to PL/SQL Programming

Proactive Performance Monitoring Using Metric Extensions and SPA

Subqueries Chapter 6

Elena Baralis, Silvia Chiusano Politecnico di Torino. Pag. 1. Active database systems. Triggers. Triggers. Active database systems.

Data Masking. Procedure

1 Changes in this release

Transcription:

Arup Nanda Longtime Oracle DBA

Agenda PL/SQL has evolved over the years Adoption is still bit challenged Binding with Java SQL to PL/SQL context switching is slow Notable PL/SQL features you should know Will not cover 11g new features Lots of demos Downloadable scripts 2

Setup begin for i in 1..100000 loop insert into accounts values ( i, dbms_random.string('u',30), Table ACCOUNTS Name Null? Type ----------------- -------- ------------ ACCNO NUMBER ACCNAME VARCHAR2(30) SSN VARCHAR2(9) BIRTHDAY DATE PRINCIPAL NUMBER INTEREST NUMBER CREATED_DT DATE ltrim(to_char(dbms_random.value(100000000,999999999),'999999999')), sysdate - 30*365 - dbms_random.value(1,60*365), dbms_random.value(1,100000), dbms_random.value(1,10000), sysdate - dbms_random.value(1,365*5) ); end loop; 3

Result Caching PL/SQL Function Stores the results in result_cache (a memory area) Returns the results when the function is called (not re-executed) When the underlying data hasn t changed Get_counts_by_birthyear_v1.sql Get_counts_by_birthyear_v2.sql 4

Invoker Rights DEFINER INVOKER MARY MARY SCOTT UPDATE EMP SET SAL = WHERE EMPNO = SCOTT UPDATE EMP SET SAL = WHERE EMPNO = SCOTT MARY SCOTT MARY EMP EMP EMP EMP 5

Invoker Rights CREATE PROCEDURE UPDATE_EMP ( P_EMPNO IN NUMBER, P_SAL IN NUMBER) AUTHID DEFINER IS BEGIN UPDATE EMP SET SAL = P_SAL WHERE EMPNO = P_EMPNO; END; CREATE PROCEDURE UPDATE_EMP ( P_EMPNO IN NUMBER, P_SAL IN NUMBER) AUTHID CURRENT_USER IS BEGIN UPDATE EMP SET SAL = P_SAL WHERE EMPNO = P_EMPNO; END; 6

Result Cache + Invoker create or replace function get_counts_by_birthyear ( p_year_of_birth in varchar2 ) return pls_integer result_cache authid current_user Schema as qualification l_cnt pls_integer; required begin / select count(1) into l_cnt from arup.accounts where to_char(birthday,'yy') = p_year_of_birth; return l_cnt; Get_counts_by_birthyear_v3.sql 7

Repeated Calculations select accno, 0.01 * principal + 0.02 * interest + 0.10 * (sysdate - created_dt) * 10 + 0.05 * (sysdate - birthday) * 10 as interest from accounts 8

Inline Functions create or replace function get_bonus_amount ( p_accno in accounts.accno%type ) return number is l_bonus begin select number; 0.01 * principal + 0.02 * interest + 0.10 * (sysdate - created_dt) * 10 + 0.05 * (sysdate - birthday) * 10 into l_bonus from accounts where accno = p_accno; return l_bonus; / Repeated. Better be out of the code in a function Get_bonus_amount_v1.sql Int1.sql 9

Inline Function with function get_bonus_amount (p_accno in accounts.accno%type) return number is l_bonus number; begin select 0.01 * principal + 0.02 * interest + 0.10 * (sysdate - created_dt) * 10 + 0.05 * (sysdate - birthday) * 10 into l_bonus from accounts where accno = p_accno; return l_bonus; select accno, get_bonus_amount (accno) from accounts where accno in (3,5,9); Not a stored function Get_bonus_amount_v2.sql 10

Update SQL: update table set col1 = (with function ) Will fail with ORA-32034: unsupported use of WITH clause Solution: update /*+ WITH_PLSQL */ table set col1 = (with function ) 11

Inline Functions No Schema changes required Good for tightly controlled shops No SQL-PL/SQL context switching Function inlining PL/SQL Optimization Watch out No DETERMINISTIC function optimization 12

Pragma UDF Pragmas pragma autonomous_transaction; pragma exception_init (deadlock_detected,-60); Pragma UDF (user defined function) create or replace function get_bonus_amount ( p_accno in accounts.accno%type ) return number is pragma UDF; l_bonus number;... get_bonus_amount_pragma_udf_v1.sql 13

Program Security Procedure (with invoker rights) updates User Table roles_to_proc_trad.sql The user needs update privileges on the table Can update anything; not just what the procedure is capable of 14

Will a role help? Procedure (with invoker rights) User Granted to updates Role Table 15

12c Way Procedure (with invoker rights) User updates Role Table roles_to_proc_12c.sql 16

Program Security Traditional Approach Grant execute on procedure to SCOTT Grant update on table to SCOTT New Approach Grant execute on procedure to SCOTT Grant update on table to role Grant role to procedure grant <role> to procedure <proc> 17

Code Whitelisting You have a utility package pkg_accounts_utils contains sensitive procedures You have an internal package that calls these utils pkg_accounts_internal External package called by others pkg_accounts_external pkg_accounts_internal calls pkg_accounts_external pkg_accounts_utils Not allowed 18

Accessible By The package specification should have create or replace package pkg_accounts_utils accessible by (pkg_accounts_internal) is procedure update_int (p_accno in accounts.accno%type, p_int_amt in accounts.interest%type); Others will get PLS-00904: insufficient privilege to access object PKG_ACCOUNTS_UTILS pkg_accounts_utils_pks_v1.sql pkg_accounts_utils_pkb_v1.sql pkg_accounts_internal_pks_v1.sql pkg_accounts_internal_pkb_v1.sql pkg_accounts_external_pks_v1.sql pkg_accounts_external_pkb_v1.sql 19

Collections in PL/SQL Using collections function get_avg_int_accnolist ( p_int_table in <Collection> ) return number is Parameter p_int_table had to be a database schema object Varray Nested Table PL/SQL Constructs Records PL/SQL Table Indexed by pls_integer 20

Package Collections Create a package spec (body not required) create or replace package pkg_acc is type ty_rec_int is record ( accno number, interest number ); type ty_tab_int is table of ty_rec_int index by pls_integer; rec_int ty_tab_int; / Pkg_acc_v1.sql 21

Use Collections in Binds Function to compute average interest for a group of accounts create or replace function get_avg_int_accnolist (p_int_table in pkg_acc.ty_tab_int) return number is l_tot_int number := 0; l_avg_int number := 0; cnt pls_integer := 0; begin cnt := p_int_table.count; for i in 1..cnt loop l_tot_int := p_int_table(i).interest + l_tot_int; end loop; l_avg_int := l_tot_int / cnt; return l_avg_int; get_avg_int_accnolist_v1.sql End; 22

More Binds Trying to find the average interest for 65 years and older customers Populate select accno, interest bulk collect into pkg_acc.rec_int from accounts where sysdate - birthday > 65*365; Example 1 select get_avg_int_accnolist(pkg_acc.rec_int) into l_avg_int from dual; Example 2 execute immediate 'select get_avg_int_accnolist (:var1) from dual' into l_avg_int using pkg_acc.rec_int; Example 3 select avg(interest), count(1) into l_avg_int, l_tot_accs from table(pkg_acc.rec_int); show_avg_int_for_65yrs_v1.sql show_avg_int_for_65yrs_v2.sql 23

Boolean Binding create or replace procedure show_boolean ( p_truth in boolean ) is l_val varchar2(5); begin / l_val := case p_truth when TRUE then 'TRUE' when FALSE then 'FALSE' else 'NULL' dbms_output.put_line ('The input was ' l_val); Show_boolean_v1.sql

Boolean Binding create or replace procedure show_truth is c_null constant boolean := null; begin execute immediate 'begin show_boolean(:param); ' using true; execute immediate 'begin show_boolean(:param); ' using false; execute immediate 'begin show_boolean(:param); ' using c_null; / show_truth_v1.sql 25

Predefined Directives In previous versions only a few directive were made available to you to display: $$PLSQL_UNIT $$PLSQL_LINE Now you can select two additional directives $$PLSQL_UNIT_TYPE $$PLSQL_UNIT_OWNER demo_proc1_v1.sql demo_proc2_v1.sql 26

Nested Codes create or replace procedure depth_proc1 as procedure depth_proc2 as procedure depth_proc3 as procedure depth_proc4 as procedure depth_proc5 as begin some_code_comes_here; begin depth_proc5; begin depth_proc4; begin depth_proc3; begin depth_proc2; 27

Call Stack Before 12c create or replace procedure display_call_stack is begin dbms_output.put_line(dbms_utility.format _call_stack); / depth_proc_demo_v1.sql display_call_stack_v1.sql 28

12c Way create or replace procedure display_call_stack is l_dynamic_depth pls_integer := utl_call_stack.dynamic_depth; begin -- dbms_output.put_line(dbms_utility.format_call_stack); for i in reverse 1..l_dynamic_depth loop dbms_output.put_line ( lpad(to_char(i,'99'),3) ' ' utl_call_stack.owner(i) '.' utl_call_stack.concatenate_subprogram (utl_call_stack.subprogram (i)) ' (' utl_call_stack.unit_line(i) ') ' ); display_call_stack_v2.sql end loop; 29

Thank You! My Blog: arup.blogspot.com My Tweeter: arupnanda 30

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information