The mwrynn PL/SQL Table API - Provides a "table_obj" that is linked to a table; the object has many functions that perform convenient operations, such as disabling/enabling all indexes, generation of random dummy data (random garbage as well as randomly select parent keys for foreign key columns), dynamic query generation - especially useful to handle burdensome column lists
We unfortunately can't use bind variables for inputs that represent identifiers, that are used to form queries dynamically. Therefore we need to either escape all identifiers passed in by the user, or do some kind of whitelist validation like check if the table name exists, throw an exception if not. (I forget offhand if we allow creation of a table_obj if table does not exist yet, so it may or may not be feasible to validate as mentioned in the last sentence.)
Let's go with writing functions to validate identifiers by looking up in the dictionary views.
We unfortunately can't use bind variables for inputs that represent identifiers, that are used to form queries dynamically. Therefore we need to either escape all identifiers passed in by the user, or do some kind of whitelist validation like check if the table name exists, throw an exception if not. (I forget offhand if we allow creation of a table_obj if table does not exist yet, so it may or may not be feasible to validate as mentioned in the last sentence.)
Let's go with writing functions to validate identifiers by looking up in the dictionary views.