Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

PL/SQL static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your PL/SQL code

Filtered: 11 rules found

clumsy

Impact

Clean code attribute

"EXECUTE IMMEDIATE" should be used instead of DBMS_SQL procedure calls

Code Smell

MajorSonarSource default severity
click to learn more

Why is this an issue?

EXECUTE IMMEDIATE is easier to use and understand than the DBMS_SQL package’s procedures. It should therefore be preferred, when possible.

Noncompliant code example

SET SERVEROUTPUT ON

CREATE TABLE myTable(
  foo VARCHAR2(42)
);

CREATE PROCEDURE drop_table(tableName VARCHAR2) AS
  cursorIdentifier INTEGER;
BEGIN
  cursorIdentifier := DBMS_SQL.OPEN_CURSOR; -- Compliant; this is not a procedure call
  DBMS_SQL.PARSE(cursorIdentifier, 'DROP TABLE ' || tableName, DBMS_SQL.NATIVE); -- Noncompliant
  DBMS_SQL.CLOSE_CURSOR(cursorIdentifier); -- Noncompliant

  DBMS_OUTPUT.PUT_LINE('Table ' || tableName || ' dropped.');
EXCEPTION
  WHEN OTHERS THEN
    DBMS_SQL.CLOSE_CURSOR(cursorIdentifier); -- Noncompliant
END;
/

BEGIN
  drop_table('myTable');
END;
/

DROP PROCEDURE drop_table;

Compliant solution

SET SERVEROUTPUT ON

CREATE TABLE myTable(
  foo VARCHAR2(42)
);

CREATE PROCEDURE drop_table(tableName VARCHAR2) AS
  cursorIdentifier INTEGER;
BEGIN
  EXECUTE IMMEDIATE 'DROP TABLE ' || tableName;
  DBMS_OUTPUT.PUT_LINE('Table ' || tableName || ' dropped.');
END;
/

BEGIN
  drop_table('myTable');
END;
/

DROP PROCEDURE drop_table;

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Developer
Edition

In-IDE

SaaS

Self-Hosted