Dynamic SQL Injection With Oracle ERP Cloud

This article covers the steps to create a dynamic BI report so that SQL can be injected into the report at run time, which can be useful when building integrations.

By Puneet Kakkar · Jan. 11, 21 · Tutorial

In the previous article, we learned how to design and develop an Oracle Cloud BI report. We will use the same report and convert it into a dynamic SQL injection-based report.

Log in to Oracle Cloud Applications, go to Tools in the Navigator, and click on Reports and Analytics. Click on Browse Catalog to launch the BI workspace.

Data Model Update

  • Log in to Oracle and open the Data Model created in the previous steps. Please update the Data Model with the PL/SQL block below.

Query1 variable screenshot.

  • As you can see in the screenshot above, query1 is a variable that will be passed to the Data Model as a base64-encoded string. We will use a standard out-of-the-box function to decode the string into a SQL query and pass it to a cursor, which is opened as a reference cursor.
  • Please note that the type of SQL is a Procedure Call.
  • Please check “Bind Parameter Value As Comma Separated String” in case you want to pass multiple SQL statements.
  • Please click OK to save the query screen and save the data model.
  • You can optionally specify the row tag name for the XML output.

Adding Parameters

  • Please click on the Parameters tab and add a parameter to pass the SQL query as input.
  • Add another parameter, xdo_cursor, which acts as a CURSOR output for the result set.

Cursor output screenshot.

  • Generate a base64-encoded string using any database tool (e.g., SQL Developer).
  • Connect to the Oracle Database using SQL Developer and generate the base64 string as shown below. The input SQL statement is as follows: Select person_id from per_all_people_f
    Output screenshot.
  • As the output above shows, the base64-encoded string is c2VsZWN0IHBlcnNvbl9pZCBmcm9tIHBlcl9hbGxfcGVvcGxlX2Y=

Generate Data Model Output

  • Please click on Data Sets, “QueryEmployees,” then click on the Data tab and paste the encoded SQL string into the input variable as shown below:

Input variable screenshot.

  • Click the View button to see the data as shown below:

Data screenshot.

  • As you can see, we have passed the SQL query as an input to generate the output successfully. In a real-time scenario, we can create a common Data Model and pass SQL queries from the integration layer to get the data.
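Because the common Data Model runs whatever statement arrives in query1, the set of statements the integration layer is allowed to send is the effective access control. The following Python code is an added example, not part of the original article or of Oracle's tooling: it builds the parameter only from named, pre-approved statements and classifies captured query1 values during review. The names APPROVED_QUERIES, encode_approved and classify_parameter are assumptions, and all sample values other than the article's encoded string are constructed.

```python
import base64
import re

# Assumed allowlist: the only statements the integration layer may submit.
APPROVED_QUERIES = {
    "person_ids": "select person_id from per_all_people_f",  # query from the article
}

def normalize(sql):
    """Collapse whitespace runs so formatting differences do not matter."""
    return re.sub(r"\s+", " ", sql).strip()

APPROVED_NORMALIZED = {normalize(q) for q in APPROVED_QUERIES.values()}

def to_param(sql):
    """Base64-encode a statement the way the query1 parameter expects it."""
    return base64.b64encode(sql.encode("utf-8")).decode("ascii")

def encode_approved(name):
    """Build the report parameter from a query name; unknown names raise KeyError."""
    return to_param(APPROVED_QUERIES[name])

def classify_parameter(value):
    """Decode a captured query1 value and return (verdict, detail)."""
    try:
        # validate=True rejects characters outside the base64 alphabet;
        # bad padding and invalid UTF-8 also surface as ValueError subclasses.
        sql = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:
        return ("reject", "not valid base64/UTF-8")
    norm = normalize(sql)
    if norm in APPROVED_NORMALIZED:
        return ("allow", norm)
    if ";" in norm:
        return ("reject", "statement separator present: " + norm)
    if not re.match(r"(?i)select\b", norm):
        return ("reject", "not a SELECT: " + norm)
    return ("reject", "SELECT not on allowlist: " + norm)

if __name__ == "__main__":
    # Constructed review set: the article's value plus three made-up ones.
    samples = [
        "c2VsZWN0IHBlcnNvbl9pZCBmcm9tIHBlcl9hbGxfcGVvcGxlX2Y=",
        to_param("select person_id from per_all_people_f; select 1 from dual"),
        to_param("update per_all_people_f set person_id = 0"),
        "not base64!!",
    ]
    for s in samples:
        print(classify_parameter(s))
```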

I hope this will prove to be a useful article for your ERP Cloud work.
