You created a procedure as follows:
CREATE OR REPLACE PROCEDURE query_prod(twhr VARCHAR2)
IS
stmt VARCHAR2(100);
pname VARCHAR2(20);
BEGIN
stmt:=’SELECT product_name FROM products WHERE product_id=:2′;
EXECUTE IMMEDIATE stmt INTO pname USING twhr;
DBMS_OUTPUT.PUT_LINE(pname);
END;
/
View the Exhibit to examine the structure of PRODUCTS table.
Which statement is true about the procedure?
A.
It produces an error when invoked.
B.
It can be invoked only from a PL/SQL block.
C.
It reduces the chances of SQL injection by using bind arguments.
D.
The values for bind arguments remain persistent in the session after the execution of the procedure.
I think that the ‘A’ – this is an alternative answer, or perhaps the primary …
It produces an error when invoked.:
1) pname VARCHAR2(20) < product_name varchar2(125);
2) twhr VARCHAR2 is not NUMBER (product_id)
exec query_prod('abc');
Implicit Type Conversion is a fine Thing.
You can compile and run it without errors
as long as the select return value is <=20 Characters. (1) pname VARCHAR2(20))
C should be the correct answer
And why not B?
Since this is a PROCEDURE not FUNCTION it cannot be executed from SQL. So why B is not correct ?
Use EXECUTE IMMEDIATE to execute the specified SQL statement. Bind argument is an expression whose value is passed to the specified SQL statement or PL/SQL block, or an identifier that serves as an input and/or output variable to the function or procedure that is called in the PL/SQL block.
C might not be correct. I think B is correct.
not B, C is correct
B,C
same question why B is not correct