VF=>user  ID=>     Login Feedback FAQ Blog
1,064,669 quizzes played | 2,953 active players

The PL/SQL Challenge offers an ever-growing library of information to help you become more expert in the Oracle technology stack. The Quizzes tab gives you access to all quizzes taken in the past. The Resources tab offers searchable access to many topics in Oracle documentation, to popular Ask Tom threads, and to fascinating blog posts from around the world. Utilities gives you quick access to SQL and PL/SQL utilities, i.e., reusable code. Visit Commentary to search across all quiz discussions.


All of the quizzes already taken by players are available on this page. You can search for a specific string in the topic for that question; filter for a particular type of quiz (you might, for example, want to check out the quizzes given in the last playoff); check out all the advanced quizzes, etc.

Filter Quizzes


View
Quiz
Played InFeature / Summary / AuthorEnded
OnDescending
CommentaryPct Correct
PL/SQL Deja Vu

Validation Checks to Guard Against SQL Injection: DBMS_ASSERT.SIMPLE_SQL_NAME

Use DBMS_ASSERT.SIMPLE_SQL_NAME to help avoid SQL injection through the provision of the names of database objects, such as table and view names.

Author: Steven Feuerstein [5510-2202427]
2017-04-21 FridayNo Comments
Last: No Comments
-
PL/SQL Challenge

Executing DDL statements in PL/SQL blocks: Implicit commit when executing DDL

If when executing a DDL statement (inside or outside of PL/SQL), a commit is issued before the statement is parsed and executed - but only if the statement is syntactically valid. If there is a syntax error, no commit is performed. If the statement fails for semantic reasons (e.g., you try to create table named "X", but there is already a table with that name), the prior commit does occur.

Author: Steven Feuerstein [23407-2173634]
2017-04-07 FridayNo Comments
Last: No Comments
-
PL/SQL Challenge Championship

Dynamic PL/SQL: Binding variables to receive data from a dynamic PL/SQL block

When executing a dynamic SQL statement inside a dynamic PL/SQL block, think through carefully where you put your placeholders.

Author: Steven Feuerstein [22306-2081206]
2017-03-23 ThursdayNo New Comments

Last: 2017-03-24 14:49:38
-
PL/SQL Deja Vu

Dynamic SQL: Dynamic PL/SQL

To execute a dynamically-constructed PL/SQL, you can use EXECUTE IMMEDIATE or DBMS_SQL, but the string that you construct for dynamic execution must be a valid anonymous PL/SQL block.

Author: Steven Feuerstein [6595-2092004]
2017-02-24 FridayNo New Comments
Objections: REJECTED
Last: 2012-08-12 18:48:52
-
PL/SQL Challenge

Executing DDL statements in PL/SQL blocks: EXECUTE IMMEDIATE to execute DDL statements

The "CREATE TYPE" statement to create a schema-level type is an example of a DDL statement. You can use EXECUTE IMMEDIATE to execute a DDL statement inside a PL/SQL block. With DDL statements, you cannot bind a variable into a placeholder. Neither can you include an INTO clause to get information back from the DDL statement. You simply execute a string and, if that string is a valid DDL statement, no error will be raised.

Author: Steven Feuerstein [22386-2092001]
2017-02-24 FridayNo New Comments
Objections: REJECTED
Last: 2017-02-27 17:24:32
-
PL/SQL Challenge

Executing DDL statements with EXECUTE_IMMEDIATE: Transaction impact of DDL execution

When you parse (and execute) a DDL statement in PL/SQL via EXECUTE IMMEDIATE or DBMS_SQL.PARSE, the PL/SQL engine performs a commit both before and after the statement is executed.

Author: Steven Feuerstein [18886-1815528]
2016-09-30 FridayNo Comments
Last: No Comments
-
PL/SQL Challenge

Dynamic SQL: Avoiding SQL Injection in PL/SQL

SQL injection is the exploitation of a poor design or bug in dynamic SQL (and dynamic PL/SQL blocks) that allows an attacker to introduce (or "inject") code into a computer program to change the course of execution from the normal or expected path.

Author: Steven Feuerstein [16001-1554972]
2016-04-22 FridayNo Comments
Last: No Comments
-
PL/SQL Challenge

Dynamic SQL: Native Dynamic SQL

When you need to fetch rows from a dynamically-constructed SELECT, you can use EXECUTE IMMEDIATE or OPEN FOR, but if you are fetching a very large number of rows, OPEN FOR with BULK COLLECT will allow you to use the LIMIT clause and avoid PGA memory errors.

Author: Steven Feuerstein [15841-1543798]
2016-04-15 FridayNo New Comments

Last: 2016-04-18 12:03:43
-
Quick Quiz

Oracle PL/SQL: Dynamic SQL

Dynamic SQL statements must not end in a semi-colon. Dynamic PL/SQL statements must end in a semi-colon.

Author: Steven Feuerstein [15761-1533096]
2016-04-08 FridayNo New Comments
Objections: ACCEPTED
Last: 2016-04-04 11:51:42
-
PL/SQL Deja Vu

Dynamic PL/SQL: Binding variables to receive data from a dynamic PL/SQL block

When executing dynamic PL/SQL blocks, if you need to retrieve the value of an expression from that block, you must specify the OUT or IN OUT mode for the corresponding bind variable.

Author: Steven Feuerstein [474-1334295]
2015-12-04 FridayNo Comments
Last: No Comments
-
PL/SQL Challenge

EXECUTE IMMEDIATE: The USING clause of EXECUTE IMMEDIATE

When you use EXECUTE IMMEDIATE to run dynamic SQL (as opposed to dynamic PL/SQL block execution), it associates values in the USING clause positionally, regardless of the name of the placeholder used.

Author: Steven Feuerstein [13342-1313897]
2015-11-20 FridayNo New Comments

Last: 2015-11-24 20:08:12
-
PL/SQL Deja Vu

Oracle PL/SQL: Dynamic SQL

When fetching a fixed number of columns (that is, known at compile time) from a dynamically-constructed query, you can use EXECUTE IMMEDIATE, OPEN FOR or DBMS_SQL. The first approach, native dynamic SQL, is usually the simplest. 

Author: Steven Feuerstein [10646-1240444]
2015-09-25 FridayNo Comments
Last: No Comments
-
PL/SQL Challenge

Avoiding SQL Injection in PL/SQL: Bind Values to Guard Against SQL Injection

The best way to avoid the dangers of SQL injection is to avoid concatenation of chunks of SQL and instead rely on bind variables.

Author: Steven Feuerstein [11982-1191388]
2015-08-21 FridayNo Comments
Last: No Comments
-
Oracle Magazine Quiz

Avoiding SQL Injection in PL/SQL: Validation Checks to Guard Against SQL Injection

When writing dynamic SQL, remember: Avoid unnecessary construction and execution of a dynamic PL/SQL block; don't let users pass text directly to the subprogram constructing the SQL statement; Make sure that database object names are valid with DBMS_ASSERT.

Author: Steven Feuerstein [10722-1044675]
2015-06-30 TuesdayNo Comments
Last: No Comments
-
PL/SQL Explore

Oracle PL/SQL: Dynamic SQL

When fetching a fixed number of columns (that is, known at compile time) from a dynamically-constructed query, you can use EXECUTE IMMEDIATE, OPEN FOR or DBMS_SQL. The first approach, native dynamic SQL, is usually the simplest. 

Author: Steven Feuerstein [10646-1016817]
2015-03-06 FridayNo Comments
Last: No Comments
-
  • 1 - 15
 
About Oracle | | Terms of Use | Your Privacy Rights | Copyright 2010-2017, Oracle Corporation