Oracle Scratchpad

March 20, 2008


Filed under: humour — Jonathan Lewis @ 5:01 pm GMT Mar 20,2008

Tom Kyte and Pete Finnigan are both well known for talking about the need to use bind variables and the dangers of SQL Injection. This cartoon must have been written just for them.


  1. Except the cartoon makes the same mistake a lot of programmers make. They assume they just need to write a parser to make sure that type of stuff doesn’t get through. Instead they should just use bind variables (simpler and more performant anyway). I remember getting into an argument with a bunch of programmers that they could write such a filter for their dynamic SQL and didn’t need to use bind variables to prevent SQL injection.

    Comment by Jim — March 20, 2008 @ 5:15 pm GMT Mar 20,2008 | Reply

  2. I love that it’s even using Oracle syntax!

    Comment by Stew Stryker — April 1, 2008 @ 2:42 am BST Apr 1,2008 | Reply

  3. This is a bit off-topic but since this entry is labeled Humour, I found really hilarious this email I got today:

    Dear Customer,

    We’ve noticed that customers who have purchased or rated books by Thomas Kyte have also purchased All Mouth by Jonathan Lewis. For this reason, you might like to know that All Mouth is now available. You can order yours for just $12.89 ($6.06 off the list price) by following the link below.

    Comment by Oscar de la Torre — April 9, 2008 @ 6:59 am BST Apr 9,2008 | Reply
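The point made in comment 1, filter versus bind variables, as an added example that is not part of the original post or its comments. It assumes Python's `sqlite3` module standing in for Oracle (its `:name` placeholder mirrors Oracle bind syntax); the table, the blacklist and the sample inputs are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for Oracle (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO students (name) VALUES (?)",
                   [("Alice",), ("O'Brien",), ("Bob",)])
    return db

# Hypothetical keyword/metacharacter blacklist of the kind the comment argues against.
BLACKLIST = re.compile(r"--|;|\b(drop|delete|union)\b", re.IGNORECASE)

def filter_ok(value):
    return BLACKLIST.search(value) is None

def lookup_dynamic(db, name):
    """Dynamic SQL: filtered input is concatenated into the statement text."""
    if not filter_ok(name):
        raise ValueError("rejected by filter")
    sql = "SELECT name FROM students WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    """Bind variable: the statement text is constant; the input is passed as data."""
    sql = "SELECT name FROM students WHERE name = :name"
    return [row[0] for row in db.execute(sql, {"name": name})]

HOSTILE = "x' OR 'a'='a"   # constructed input that the blacklist does not match
LEGIT = "O'Brien"          # ordinary name that happens to contain a quote

if __name__ == "__main__":
    db = make_db()
    for label, value in (("hostile", HOSTILE), ("legit", LEGIT)):
        try:
            dynamic = lookup_dynamic(db, value)
        except (ValueError, sqlite3.Error) as exc:
            dynamic = f"error: {exc}"
        print(label, "| dynamic:", dynamic, "| bound:", lookup_bound(db, value))
```

The filtered dynamic query returns every row for the hostile input and fails outright on the legitimate name, while the bound query returns no rows and the one matching row respectively.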
