I tried executing the oracle alter session query for changing the language settings but it fails with an error "ORA-01036: illegal variable name/number".
preparedStatement = connection.prepareStatement("ALTER SESSION SET NLS_SORT = ?");
preparedStatement.setString(1, "BINARY_CI");
preparedStateme开发者_StackOverflow社区nt.execute();
Oracle does not allow to bind variables in ddl statements. Since bind variables have a performance gain (in my use case this alter session query would be executed on every connection used in the web application) and it also prevents the application from SQL injection I wanted to use them. If not bind variables is there any other optimized way of executing the above alter session query?
Bind variables have a performance gain because query parse/optimizing is done only once, and not at each execution.
There is no parsing done on that alter session call, using a bind variable here will not gain you anything in terms of performance.
As for SQL injection, just validate the name of the collation against a list of collations you support.
ALTER SESSION does not require a query plan (which is slow to build), so it must be excuted fast even unprepared.
If you use any form of connection pooling (and you probably do) this statement needs to execute even less frequently.
Use the hardcoded literal form or check the collation name against a list of known collations.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论