PL/SQL
PL or SQL : String concatenation
Overview
The application uses string concatenation. The resulting string should not be used as an SQL query.
Use argument binding when creating dynamic queries. Binding usually works faster, helps avoid implicit conversions, minimizes the chance of code injection, and is easier to maintain and update. Using concatenation to generate queries is justified only when a particular query has been identified as a bottleneck and requires additional optimization.
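The flagged pattern next to its bound equivalent, as an added PL/SQL example that is not taken from DerScanner or from any scanned application. The `orders` table, its columns and all function names are hypothetical; the third function goes one step beyond the text and covers identifiers, which cannot be bound.

```sql
-- Added example: ORDERS, CUSTOMER_NAME and STATUS are assumed names.

-- Flagged form: the argument becomes part of the statement text, so it is
-- parsed as SQL instead of being treated as data, and each distinct value
-- yields a new statement for the database to hard-parse.
CREATE OR REPLACE FUNCTION count_orders_concat (p_customer IN VARCHAR2)
  RETURN NUMBER
IS
  v_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM orders WHERE customer_name = ''' || p_customer || ''''
    INTO v_count;
  RETURN v_count;
END count_orders_concat;
/

-- Bound form: the statement text is constant and the value travels
-- separately through the USING clause, so it can never change the query.
CREATE OR REPLACE FUNCTION count_orders_bound (p_customer IN VARCHAR2)
  RETURN NUMBER
IS
  v_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM orders WHERE customer_name = :customer'
    INTO v_count
    USING p_customer;
  RETURN v_count;
END count_orders_bound;
/

-- Table and column names cannot be bind arguments. When one must be dynamic,
-- validate it with DBMS_ASSERT before concatenating (it raises ORA-44003 for
-- anything that is not a simple SQL name) and keep binding the values.
CREATE OR REPLACE FUNCTION count_rows_by_status (p_table  IN VARCHAR2,
                                                 p_status IN VARCHAR2)
  RETURN NUMBER
IS
  v_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)
      || ' WHERE status = :status'
    INTO v_count
    USING p_status;
  RETURN v_count;
END count_rows_by_status;
/
```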
DerScanner Severity Score: LOW
