Hah, they didn't even mention "bind variable"
But, we all know that is the true cause of the problem... The lack of use of bind variables - making special characters in names do nasty things like: (this is a quote)
... apostrophe is often mistaken for a piece of computer code, corrupting the system. ...
Ah, yes, the nasty apostrophe, capable of corrupting entire systems.
It is sloppy programming (they got that right). Lack of binds is a co-winner of first place "bad things to do" right alongside "when others then null".
I still wish....
- when others would be removed from PL/SQL
- triggers would be deprecated and removed
- autonomous transactions would start just raising errors
- literals in SQL would raise an error
All of those bullets are hyperbole, but they make a point. When I see "when others" in code, it is more often used wrong (on the order of 1000 to 1). When I see a trigger developed to "enforce integrity" - it is almost always wrong. The way people use autonomous transactions - almost always WRONG. Literals in SQL - usually wrong (but not always, but here I would err on the side of caution - outlaw literals and let bind peeking put them back in later...)
I know, I've said this before.
You know, I'll say it again.
Because I see the same four mistakes every day. Every. Single. Day. Especially the "when others" and lack of binds. Followed by triggers. Fortunately, most programmers never read to the autonomous transaction chapter...
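To make the apostrophe problem concrete, here is an added example (not code from the original post) showing a name with an apostrophe breaking a statement built from literals, the same failure being hidden by a catch-all handler in the style of "when others then null", and the bind-variable version working. It assumes Python's built-in sqlite3 as a stand-in for the database; the table, names and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; one name contains the apostrophe from the quote.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT PRIMARY KEY, role TEXT)")
    conn.executemany(
        "INSERT INTO people VALUES (?, ?)",  # binds, so O'Brien loads fine
        [("Smith", "dba"), ("O'Brien", "developer")],
    )
    return conn


def lookup_with_literal(conn, name):
    # Sloppy version: the value is pasted into the statement text, so the
    # SQL parser treats an apostrophe in the name as the end of the literal.
    sql = "SELECT role FROM people WHERE name = '" + name + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_swallowing_errors(conn, name):
    # Python analog of "when others then null": every error is discarded,
    # so a broken statement looks exactly like "no such person".
    try:
        return lookup_with_literal(conn, name)
    except Exception:
        return None


def lookup_with_bind(conn, name):
    # Bind version: the statement text is constant and the value is passed
    # separately, so it is never parsed as SQL.
    row = conn.execute(
        "SELECT role FROM people WHERE name = ?", (name,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(lookup_with_literal(db, "Smith"))         # plain name works
    print(lookup_swallowing_errors(db, "O'Brien"))  # failure silently hidden
    print(lookup_with_bind(db, "O'Brien"))          # bind handles the name
    try:
        lookup_with_literal(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("literal version failed:", exc)
```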





