Hello Eder,
You can run Dynamic SQL in this form, concatenating the name of the table in SQL, but it is strongly recommended that it is the last alternative [/b] solution. Dynamic SQL is usually useful in cases where without it you would need to write much more code and would be a much more complex solution with static SQL.
follow some relevant points in my opinion:
- Dynamic SQL and SQL strings concatenation make the code vulnerable to SQL Injection, which is a serious fault Security in database applications. Be aware of this and validate
always the strings received to concatenar. Read about the dbms_assert package.
http://download.oracle.com/docs/cd/E118 ... assert.htm - Static SQL has the syntax validated at compile time. Dynamic SQL No.
- Static SQL is validated at compile time to ensure that the user has the necessary grants to perform the operation. Dynamic No.
- As a consequence its much more complicated code to maintain and appeal to make debug; And much more subject to mistakes.
- Static SQL in PL / SQL uses variables binding (parameters in the WHERE) automatically. In the dynamic SQL you need to do it manually or are subject to parse from SQL repeatedly, ending the performance of the BD.
I'm sure there are more points that could be reinforced but that's what I got to remember now.
has more information about dynamic SQL in the link below:
http://download.oracle.com/docs/cd/E118 ... ynamic.htm