Home/ Questions/Q 6607557
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T19:30:58+00:00

I have jsp page where user selects table name, column name and column value,

  • 0

I have jsp page where user selects table name, column name and column value, with those three condtion I want to delete all matching row from the database. Is there a way to pass table name, column name and column value in oracle to delete certain row from the table? Any example would help me.. Thank you

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’d worry about SQL Injection attacks as you are supplying the table and column names.
    You could create an Oracle function to remove the records required and test for certain conditions to be met before removing the row:

    CREATE OR REPLACE
FUNCTION delete_record (
   p_table  IN VARCHAR2,
   p_column IN VARCHAR2,
   p_value  IN VARCHAR2
)
RETURN NUMBER
AS
   v_table   user_tables.table_name%TYPE;
   v_columns user_tab_cols.column_name%TYPE;
BEGIN
   -- Check table exists in DB
   SELECT table_name
     INTO v_table
     FROM user_tables
    WHERE table_name = UPPER(p_table);

   -- Check column exists in DB table
   SELECT column_name
     INTO v_colums
     FROM user_tab_cols
    WHERE table_name = UPPER(p_table)
      AND column_name = UPPER(p_column);

   EXECUTE IMMEDIATE 
      'DELETE FROM '||DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)||
      ' WHERE '||DBMS_ASSERT.SIMPLE_SQL_NAME(p_column)||' = :col_value'
     USING p_value;

   RETURN SQL%ROWCOUNT;
EXCEPTION
   WHEN NO_DATA_FOUND
   THEN
        -- Either return -1 (error) or log an error etc.
        RETURN -1;
   WHEN others
   THEN
        <Your exception handling here>
END delete_record;
/

    This (or something like this) would check the table and column variables supplied exist in the database before then deleting the records and returning the number of records deleted.
    If there is a problem with the number deleted you can issue a rollback statement, if it is OK then you can issue a commit.

    Of course, if you want to supply a fully qualified table name (recommended) then you would use the DBMS_ASSERT.QUALIFIED_SQL_NAME function instead of the DBMS_ASSERT.SIMPLE_SQL_NAME function.

    Hope it helps…

    EDIT: In response to Jack’s question about adding date from and date to.

    If you add two new conditions that are passed in to the function as:

    CREATE OR REPLACE
FUNCTION delete_record (
   p_table     IN VARCHAR2,
   p_column    IN VARCHAR2,
   p_value     IN VARCHAR2,
   p_date_from IN DATE,
   p_date_to   IN DATE
)

    Then you’d need to expand the EXECUTE IMMEDIATE with:

    EXECUTE IMMEDIATE 
  'DELETE FROM '||DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)||
  ' WHERE '||DBMS_ASSERT.SIMPLE_SQL_NAME(p_column)||' = :col_value'||
  ' AND date BETWEEN :date_from AND :date_to'
 USING p_value,
       p_date_from,
       p_date_to;

    N.B. This assumes your date column in the table is called “date”.
    I don’t have a SQL interface in front of me at the moment but this should be close enough to what you need to get it working.

    If you are passing the p_date_XXXX parameters in as VARCHAR2 and not DATE types then you’s need to “TO_DATE” the values before passing them into the dynamic SQL.

    e.g.

    EXECUTE IMMEDIATE 
  'DELETE FROM '||DBMS_ASSERT.SIMPLE_SQL_NAME(p_table)||
  ' WHERE '||DBMS_ASSERT.SIMPLE_SQL_NAME(p_column)||' = :col_value'||
  ' AND date BETWEEN :date_from AND :date_to'
 USING p_value,
       TO_DATE(p_date_from, <date_format>),
       TO_DATE(p_date_to, <date_format>);
    • 0