Summary
SQL injection is a technique in which the original SQL statement is altered by text supplied as user input. Instead of providing the value that was expected, the user provides SQL code, which is then executed. The result can be access to data that is normally unavailable (hidden), unauthorized changes to values, or the dropping of individual objects. The security, robustness, and correctness of the affected systems are significantly impaired.
In this chapter, we focused on SQL injection problems related to Date and Time processing. We have shown that the attack is possible precisely because of the implicit conversion of a character string to a Date or Timestamp value. The solution is to use bind variables, through which an attacker cannot supply additional conditions or queries.
Additionally, we covered explicit Date and Time management and looked at the DBMS_ASSERT package, which can validate identifiers and SQL names and can also limit SQL injection by using the ENQUOTE_LITERAL...
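The three points above, the implicit string-to-date conversion, the bind variable, and ENQUOTE_LITERAL, shown side by side in PL/SQL as an added example that is not code from the chapter; it assumes a hypothetical ORDERS table with an ORDER_DATE column and a fixed YYYY-MM-DD input format.

```sql
-- Added example (not from the chapter). Assumes a table ORDERS(ORDER_DATE DATE, ...).

-- Weak pattern: the date string is concatenated into the statement text, so the
-- implicit VARCHAR2 -> DATE conversion happens only after any extra text in p_day
-- has already become part of the SQL that Oracle parses.
CREATE OR REPLACE PROCEDURE count_orders_unsafe(p_day IN VARCHAR2, p_cnt OUT NUMBER) IS
  v_sql VARCHAR2(4000);
BEGIN
  v_sql := 'SELECT COUNT(*) FROM orders WHERE order_date = ''' || p_day || '''';
  EXECUTE IMMEDIATE v_sql INTO p_cnt;
END;
/

-- Hardened pattern: the input is converted explicitly with a format mask and then
-- passed as a bind variable, so it can only ever be a single DATE value and never
-- additional conditions or queries. Malformed input fails in TO_DATE, not in SQL.
CREATE OR REPLACE PROCEDURE count_orders_safe(p_day IN VARCHAR2, p_cnt OUT NUMBER) IS
  v_day DATE;
BEGIN
  v_day := TO_DATE(p_day, 'YYYY-MM-DD');   -- raises an ORA- conversion error on bad input
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM orders WHERE order_date = :d'
    INTO p_cnt USING v_day;
END;
/

-- Where a literal really must be embedded in the statement text, DBMS_ASSERT.ENQUOTE_LITERAL
-- wraps the value in single quotes and verifies that every embedded single quote is
-- properly paired (doubled), raising an error instead of producing an unbalanced literal.
DECLARE
  v_sql VARCHAR2(4000);
BEGIN
  v_sql := 'SELECT COUNT(*) FROM orders WHERE order_date = TO_DATE('
           || DBMS_ASSERT.ENQUOTE_LITERAL('2024-03-15')   -- constructed sample value
           || ', ''YYYY-MM-DD'')';
  DBMS_OUTPUT.PUT_LINE(v_sql);
END;
/
```

The bind-variable form is the preferred one; ENQUOTE_LITERAL is a fallback for the cases where a value cannot be bound, and it still relies on TO_DATE with an explicit mask to keep the conversion unambiguous.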