Korrekte Verwendung von Bind-Variablen mit Terminen in Oracle?
Frage
Ich bin verwirrt über die korrekte Verwendung von Bindvariablen mit
Ich hätte den richtigen Ansatz gedacht, um sicherzustellen, dass die ordnungsgemäße Verwendung von Bind-Variablen Folgendes tun soll: generasacodicetagpre.
Ich habe jedoch Ansätze gesehen, in denen das Datumsformat mit Bindungen nicht erledigt ist, also bin ich etwas verwirrt.
kann jemand das bestätigen oder den besten Ansatz vorschlagen?
Lösung
Is the date format a constant? Or does it change at runtime?
Normally, you know what format the string is (at least expected) to be in so the date format would be a constant. If something is a constant, it is not necessary to make it a bind variable, it can just be hard-coded as part of the statement. In this case, it wouldn't matter either way but there are cases where you'd rather the value be hard-coded in the SQL statement because you want to give the optimizer more information (think of a column with highly skewed data where you're always looking for a particular hard-coded value).
On the other hand, if the date format changes at runtime because someone is passing both the string representation of the date and the format the string is in to your procedure, it would make sense for the date format to be a bind variable.
Andere Tipps
The answer to your question is it depends...
If you're dynamically creating your date_format then you ought to use a bind variable to make yourself SQL-injection safe. If you're not dynamically creating the date-format then it's already hard-coded and there's very little point.
select to_date(:my_date,'yyyymmdd') from dual
is safe anyway but:
select to_date(:my_date,:my_date_format) from dual
should really be a bind.
This is all assuming that :my_date is not a column, in which case it cannot be a bind variable at all.
If you're binding :my_date
though you're passing a static date to Oracle and not using a column then can't OCI work this out for you without going to Oracle ( I don't know for sure, never used it ).