Skip to Main Content

Breadcrumb

Question and Answer

Chris Saxon

Thanks for the question, gaia.

Asked: June 21, 2019 - 7:31 am UTC

Last updated: June 21, 2019 - 2:10 pm UTC

Version: 11.2.0.3.0

Viewed 1000+ times

You Asked

Hi!

I arrived in this new work place and i'm trying to figure out how they work. I found a lot of procedures and packages that repeatedly call each other and i'm wondering if and how this kind of things effected oracle performances.

In particular, i came across this string in a function:

v_SqlText := 
  'SELECT SIANAGR.ANACODANA  '||LsGlobal.c_LF||
  '  FROM SIANAGR            '||LsGlobal.c_LF||
  ' WHERE SIANAGR.ANAPIVA =  '||LsGlobal.c_APICE||v_CFisc||LsGlobal.c_APICE||LsGlobal.c_LF;


LsGlobal is another package, c_LF is a constant in the specification := chr(10), c_APICE another constant := '''' and v_CFisc is an IN parameter.

Is it true that Oracle every time encounters a package.variable, makes a call? If it's true, this string is a bad coding example?
Is there a way to trace how an in what time oracle resolves this string?

Many thanks for the help,
Gaia

and Chris said...

this string is a bad coding example?

This is a horrendous coding example. But for a completely different reason.

Security.

This code is at risk of SQL injection.

Really this code should be just:

SELECT SIANAGR.ANACODANA
INTO ...
FROM SIANAGR            
WHERE SIANAGR.ANAPIVA =  v_CFisc ;


If there is some reason it absolutely must use dynamic SQL, you should validate the inputs with dbms_assert.

But really, the priority should be switching this to static SQL, like I've shown above.

Once you've fixed this, if you are concerned about the performance of specific PL/SQL statements, you can use the profiler to find out how long they take:

https://oracle-base.com/articles/11g/plsql-hierarchical-profiler-11gr1

Rating

  (2 ratings)

Is this answer out of date? If it is, please let us know via a Comment

Comments

Thomas Brotherton, June 21, 2019 - 1:36 pm UTC

It would be even better if they used a bind variable in the dynamic sql instead of dbms_assert, but both are preferrable to what they are doing now. There should be plenty of examples of bind variables in dynamic sql on AskTOM.
Chris Saxon
June 21, 2019 - 2:10 pm UTC

Good point.

gaia tosi, June 24, 2019 - 7:09 am UTC

I will definitely take your answers in strong consideration and analyse the possible effort with my coworkers.

In the mean time, i'll study the two dbms packages and how they work.

Many thanks,
Gaia
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's channel and Chris's channel from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

PL/SQL demos

Check out more PL/SQL tutorials on our LiveSQL tool.

PL/SQL docs

PL/SQL reference manual from the Oracle documentation library