Closed hiren-intellectdesign closed 7 years ago
You can use SQL or PL/SQL and bind data into the statements. If you need to dynamically construct the text of the statements you should be very careful not to introduce SQL injection security errors. Something like Knex.js on top of the driver may work for you, or you may be better off doing dynamic SQL inside a PL/SQL procedure.
Alright, thanks for clarifying.
Hello, is there a way in the OracleDB driver by which we can pass dynamic filter conditions without specifying bind parameters in the query string?
Something like:
```javascript
var queryStr = "Select * from Employee e";
var bindVars = { name: "John", age: "23" };
connection.execute(queryStr, bindVars);
```
So, here the filter conditions would still get applied during query execution, but without explicitly specifying them in the query string.
The use case we have here is one where we have one standard query, which we can use with frequently changing filter conditions that would be accepted as user input dynamically.
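One way to combine the reply's advice with the query in the question, as an added example that is not part of the original thread or of node-oracledb: the statement text is assembled only from an allow-list of columns and operators, and every user value is passed as a bind. The `buildFilteredQuery` helper, the `EMPLOYEE_FILTERS` map and the `e.name` / `e.age` column names are assumptions made for illustration.

```javascript
// Added example (hypothetical helper, not a node-oracledb API).
// Allow-list of filter keys -> real column and permitted operators (assumed schema).
const EMPLOYEE_FILTERS = {
  name: { column: "e.name", ops: ["=", "LIKE"] },
  age: { column: "e.age", ops: ["=", "<", ">", "<=", ">="] },
};

function buildFilteredQuery(baseSql, filters, allowed) {
  const clauses = [];
  const binds = {};
  filters.forEach((f, i) => {
    // Own-property lookup so keys such as "constructor" are rejected too.
    const spec = Object.prototype.hasOwnProperty.call(allowed, f.field)
      ? allowed[f.field]
      : undefined;
    if (!spec) throw new Error(`filter field not allowed: ${f.field}`);
    const op = f.op || "=";
    if (!spec.ops.includes(op)) throw new Error(`operator not allowed: ${op}`);
    const bindName = `b${i}`; // generated here, never taken from input
    clauses.push(`${spec.column} ${op} :${bindName}`);
    binds[bindName] = f.value; // the value travels only as bind data
  });
  const sql = clauses.length
    ? `${baseSql} WHERE ${clauses.join(" AND ")}`
    : baseSql;
  return { sql, binds };
}

// Constructed sample input, as it might arrive from a request.
const userFilters = [
  { field: "name", value: "O'Brien" },
  { field: "age", op: ">=", value: 23 },
];
const q = buildFilteredQuery("SELECT * FROM Employee e", userFilters, EMPLOYEE_FILTERS);
console.log(q.sql);
console.log(q.binds);
// With node-oracledb: const result = await connection.execute(q.sql, q.binds);
```

Only the allow-listed column names and operators ever reach the SQL text, so the quote in the sample name has no effect on the statement's structure.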