DBMS_ASSERT v17

The DBMS_ASSERT package lets you sanitize and validate user input to help guard against SQL injections in applications. The following table lists the supported functions:

FunctionReturn typeDescription
ENQUOTE_LITERALVARCHAR2Wraps a string in single quotes
ENQUOTE_NAMEVARCHAR2Wraps quotation marks around a string
NOOPanycompatibleReturns the input value without any checking
QUALIFIED_SQL_NAMEVARCHAR2Checks if the input string is a qualified SQL name
SCHEMA_NAMEVARCHAR2Checks if the input string is an existing schema name
SIMPLE_SQL_NAMEVARCHAR2Checks if the input string is a simple SQL name
SQL_OBJECT_NAMEVARCHAR2Checks if the input string is a qualified SQL identifier of an existing SQL object

See Examples for SQL injection for some demonstrations of how to use DBMS_ASSERT.