Oracle® Database PL/SQL User's Guide and Reference 10g Release 2 (10.2) Part Number B14261-01 |
|
|
PDF · Mobi · ePub |
This chapter shows you how to turn sets of statements into reusable subprograms. Subprograms are like building blocks for modular, maintainable applications.
This chapter contains these topics:
Subprograms are named PL/SQL blocks that can be called with a set of parameters. PL/SQL has two types of subprograms, procedures and functions. Generally, you use a procedure to perform an action and a function to compute a value.
Similar to anonymous blocks, subprograms have:
A declarative part, with declarations of types, cursors, constants, variables, exceptions, and nested subprograms. These items are local and cease to exist when the subprogram ends.
An executable part, with statements that assign values, control execution, and manipulate Oracle data.
An optional exception-handling part, which deals with runtime error conditions.
Example 8-1 shows a string-manipulation procedure double
that accepts both input and output parameters, and handles potential errors.
Example 8-1 Simple PL/SQL Procedure
DECLARE in_string VARCHAR2(100) := 'This is my test string.'; out_string VARCHAR2(200); PROCEDURE double ( original IN VARCHAR2, new_string OUT VARCHAR2 ) AS BEGIN new_string := original || ' + ' || original; EXCEPTION WHEN VALUE_ERROR THEN DBMS_OUTPUT.PUT_LINE('Output buffer not long enough.'); END; BEGIN double(in_string, out_string); DBMS_OUTPUT.PUT_LINE(in_string || ' - ' || out_string); END; /
Example 8-2 shows a numeric function square
that declares a local variable to hold temporary results, and returns a value when finished.
Example 8-2 Simple PL/SQL Function
DECLARE FUNCTION square(original NUMBER) RETURN NUMBER AS original_squared NUMBER; BEGIN original_squared := original * original; RETURN original_squared; END; BEGIN DBMS_OUTPUT.PUT_LINE(square(100)); END; /
Note:
The SQL CREATE
FUNCTION
statement lets you create standalone functions that are stored in an Oracle database. For information, see CREATE
FUNCTION
in Oracle Database SQL Reference.
The SQL CREATE
PROCEDURE
statement lets you create standalone procedures that are stored in the database. For information, see CREATE
PROCEDURE
in Oracle Database SQL Reference.
You can execute the CREATE
FUNCTION
or CREATE
PROCEDURE
statement interactively from SQL*Plus, or from a program using native dynamic SQL. See Chapter 7, "Performing SQL Operations with Native Dynamic SQL".
Subprograms let you extend the PL/SQL language. Procedures act like new statements. Functions act like new expressions and operators.
Subprograms let you break a program down into manageable, well-defined modules. You can use top-down design and the stepwise refinement approach to problem solving.
Subprograms promote reusability. Once tested, a subprogram can be reused in any number of applications. You can call PL/SQL subprograms from many different environments, so that you do not have to reinvent the wheel each time you use a new language or API to access the database.
Subprograms promote maintainability. You can change the internals of a subprogram without changing other subprograms that call it. Subprograms play a big part in other maintainability features, such as packages and object types.
Dummy subprograms (stubs) let you defer the definition of procedures and functions until after testing the main program. You can design applications from the top down, thinking abstractly, without worrying about implementation details.
When you use PL/SQL subprograms to define an API, you can make your code even more reusable and maintainable by grouping the subprograms into a PL/SQL package. For more information about packages, see Chapter 9, "Using PL/SQL Packages".
A procedure is a subprogram that performs a specific action. You specify the name of the procedure, its parameters, its local variables, and the BEGIN-END
block that contains its code and handles any exceptions. For information on the syntax of the PROCEDURE
declaration, see "Procedure Declaration".
For each parameter, you specify:
Its name.
Its parameter mode (IN
, OUT
, or IN OUT
). If you omit the mode, the default is IN
. The optional NOCOPY
keyword speeds up processing of large OUT
or IN OUT
parameters.
Its datatype. You specify only the type, not any length or precision constraints.
Optionally, its default value.
You can specify whether the procedure executes using the schema and permissions of the user who defined it, or the user who calls it. For more information, see "Using Invoker's Rights Versus Definer's Rights (AUTHID Clause)".
You can specify whether it should be part of the current transaction, or execute in its own transaction where it can COMMIT
or ROLLBACK
without ending the transaction of the caller. For more information, see "Doing Independent Units of Work with Autonomous Transactions".
A procedure has two parts: the specification (spec for short) and the body. The procedure spec begins with the keyword PROCEDURE
and ends with the procedure name or a parameter list, followed by the reserved word IS
(or AS
). Parameter declarations are optional. Procedures that take no parameters are written without parentheses.
The procedure body begins with the reserved word IS
(or AS
) and ends with the keyword END
followed by an optional procedure name. The procedure body has three parts: a declarative part, an executable part, and an optional exception-handling part.
The declarative part contains local declarations. The keyword DECLARE
is used for anonymous PL/SQL blocks, but not procedures. The executable part contains statements, which are placed between the keywords BEGIN
and EXCEPTION
(or END
). At least one statement must appear in the executable part of a procedure. You can use the NULL
statement to define a placeholder procedure or specify that the procedure does nothing. The exception-handling part contains exception handlers, which are placed between the keywords EXCEPTION
and END
.
A procedure is called as a PL/SQL statement. For example, you might call the procedure raise_salary
as follows:
raise_salary(emp_id, amount);
A function is a subprogram that computes a value. Functions and procedures are structured alike, except that functions have a RETURN
clause. Functions have a number of optional keywords, used to declare a special class of functions known as table functions. They are typically used for transforming large amounts of data in data warehousing applications. For information on the syntax of the FUNCTION
declaration, see "Function Declaration".
The AUTHID
clause determines whether a stored function executes with the privileges of its owner (the default) or current user and whether its unqualified references to schema objects are resolved in the schema of the owner or current user. You can override the default behavior by specifying CURRENT_USER
.
The PARALLEL_ENABLE
option declares that a stored function can be used safely in the slave sessions of parallel DML evaluations. The state of a main (logon) session is never shared with slave sessions. Each slave session has its own state, which is initialized when the session begins. The function result should not depend on the state of session (static
) variables. Otherwise, results might vary across sessions.
The DETERMINISTIC
option helps the optimizer avoid redundant function calls. If a stored function was called previously with the same arguments, the optimizer can elect to use the previous result. For more information and possible limitations of the DETERMINISTIC
option, see CREATE
FUNCTION
in Oracle Database SQL Reference.
The pragma AUTONOMOUS_TRANSACTION
instructs the PL/SQL compiler to mark a function as autonomous (independent). Autonomous transactions let you suspend the main transaction, do SQL operations, commit or roll back those operations, then resume the main transaction.
You cannot constrain (with NOT
NULL
for example) the datatype of a parameter or a function return value. However, you can use a workaround to size-constrain them indirectly. See "Understanding PL/SQL Procedures".
Like a procedure, a function has two parts: the spec and the body. The function spec begins with the keyword FUNCTION
and ends with the RETURN
clause, which specifies the datatype of the return value. Parameter declarations are optional. Functions that take no parameters are written without parentheses.
The function body begins with the keyword IS
(or AS
) and ends with the keyword END
followed by an optional function name. The function body has three parts: a declarative part, an executable part, and an optional exception-handling part.
The declarative part contains local declarations, which are placed between the keywords IS
and BEGIN
. The keyword DECLARE
is not used. The executable part contains statements, which are placed between the keywords BEGIN
and EXCEPTION
(or END
). One or more RETURN
statements must appear in the executable part of a function. The exception-handling part contains exception handlers, which are placed between the keywords EXCEPTION
and END
.
A function is called as part of an expression. For example:
IF sal_ok(new_sal, new_title) THEN ...
The RETURN
statement immediately ends the execution of a subprogram and returns control to the caller. Execution continues with the statement following the subprogram call. (Do not confuse the RETURN
statement with the RETURN
clause in a function spec, which specifies the datatype of the return value.)
A subprogram can contain several RETURN
statements. The subprogram does not have to conclude with a RETURN
statement. Executing any RETURN
statement completes the subprogram immediately.
In procedures, a RETURN
statement does not return a value and so cannot contain an expression. The statement returns control to the caller before the end of the procedure.
In functions, a RETURN
statement must contain an expression, which is evaluated when the RETURN
statement is executed. The resulting value is assigned to the function identifier, which acts like a variable of the type specified in the RETURN
clause. See the use of the RETURN
statement in Example 8-2.
The expression in a function RETURN
statement can be arbitrarily complex:
CREATE OR REPLACE FUNCTION half_of_square(original NUMBER) RETURN NUMBER IS BEGIN RETURN (original * original)/2 + (original * 4); END half_of_square; /
In a function, there must be at least one execution path that leads to a RETURN
statement. Otherwise, you get a function returned without value
error at run time.
You can declare subprograms in any PL/SQL block, subprogram, or package. The subprograms must go at the end of the declarative section, after all other items.
You must declare a subprogram before calling it. This requirement can make it difficult to declare several nested subprograms that call each other.
You can declare interrelated nested subprograms using a forward declaration: a subprogram spec terminated by a semicolon, with no body.
Although the formal parameter list appears in the forward declaration, it must also appear in the subprogram body. You can place the subprogram body anywhere after the forward declaration, but they must appear in the same program unit.
This section explains how to pass information in and out of PL/SQL subprograms using parameters:
Subprograms pass information using parameters:
The variables declared in a subprogram specification and referenced in the subprogram body are formal parameters.
The variables or expressions passed from the calling subprogram are actual parameters.
A good programming practice is to use different names for actual and formal parameters.
When you call a procedure, the actual parameters are evaluated and the results are assigned to the corresponding formal parameters. If necessary, before assigning the value of an actual parameter to a formal parameter, PL/SQL converts the datatype of the value. For example, if you pass a number when the procedure expects a string, PL/SQL converts the parameter so that the procedure receives a string.
The actual parameter and its corresponding formal parameter must have compatible datatypes. For instance, PL/SQL cannot convert between the DATE
and NUMBER
datatypes, or convert a string to a number if the string contains extra characters such as dollar signs.
The procedure in Example 8-4 declares two formal parameters named emp_id
and amount
and the procedure call specifies actual parameters emp_num
and bonus
.
Example 8-4 Formal Parameters and Actual Parameters
DECLARE emp_num NUMBER(6) := 120; bonus NUMBER(6) := 100; merit NUMBER(4) := 50; PROCEDURE raise_salary (emp_id NUMBER, amount NUMBER) IS BEGIN UPDATE employees SET salary = salary + amount WHERE employee_id = emp_id; END raise_salary; BEGIN raise_salary(emp_num, bonus); -- procedure call specifies actual parameters raise_salary(emp_num, merit + bonus); -- expressions can be used as parameters END; /
When calling a subprogram, you can write the actual parameters using either:
Positional notation. You specify the same parameters in the same order as they are declared in the procedure.
This notation is compact, but if you specify the parameters (especially literals) in the wrong order, the bug can be hard to detect. You must change your code if the procedure's parameter list changes.
Named notation. You specify the name of each parameter along with its value. An arrow (=>
) serves as the association operator. The order of the parameters is not significant.
This notation is more verbose, but makes your code easier to read and maintain. You can sometimes avoid changing your code if the procedure's parameter list changes, for example if the parameters are reordered or a new optional parameter is added. Named notation is a good practice to use for any code that calls someone else's API, or defines an API for someone else to use.
Mixed notation. You specify the first parameters with positional notation, then switch to named notation for the last parameters.
You can use this notation to call procedures that have some required parameters, followed by some optional parameters.
Example 8-5 shows equivalent procedure calls using positional, named, and mixed notation.
Example 8-5 Subprogram Calls Using Positional, Named, and Mixed Notation
DECLARE emp_num NUMBER(6) := 120; bonus NUMBER(6) := 50; PROCEDURE raise_salary (emp_id NUMBER, amount NUMBER) IS BEGIN UPDATE employees SET salary = salary + amount WHERE employee_id = emp_id; END raise_salary; BEGIN raise_salary(emp_num, bonus); -- positional procedure call for actual parameters raise_salary(amount => bonus, emp_id => emp_num); -- named parameters raise_salary(emp_num, amount => bonus); -- mixed parameters END; /
You use parameter modes to define the behavior of formal parameters. The three parameter modes are IN
(the default), OUT
, and IN
OUT
.
Any parameter mode can be used with any subprogram. Avoid using the OUT
and IN
OUT
modes with functions. To have a function return multiple values is a poor programming practice. Also, functions should be free from side effects, which change the values of variables not local to the subprogram.
An IN
parameter lets you pass values to the subprogram being called. Inside the subprogram, an IN
parameter acts like a constant. It cannot be assigned a value.
You can pass a constant, literal, initialized variable, or expression as an IN parameter.
IN
parameters can be initialized to default values, which are used if those parameters are omitted from the subprogram call. For more information, see "Using Default Values for Subprogram Parameters".
An OUT
parameter returns a value to the caller of a subprogram. Inside the subprogram, an OUT
parameter acts like a variable. You can change its value, and reference the value after assigning it:
Example 8-6 Using the OUT Mode
DECLARE emp_num NUMBER(6) := 120; bonus NUMBER(6) := 50; emp_last_name VARCHAR2(25); PROCEDURE raise_salary (emp_id IN NUMBER, amount IN NUMBER, emp_name OUT VARCHAR2) IS BEGIN UPDATE employees SET salary = salary + amount WHERE employee_id = emp_id; SELECT last_name INTO emp_name FROM employees WHERE employee_id = emp_id; END raise_salary; BEGIN raise_salary(emp_num, bonus, emp_last_name); DBMS_OUTPUT.PUT_LINE('Salary has been updated for: ' || emp_last_name); END; /
You must pass a variable, not a constant or an expression, to an OUT
parameter. Its previous value is lost unless you specify the NOCOPY
keyword or the subprogram exits with an unhandled exception. See "Using Default Values for Subprogram Parameters".
Like variables, OUT
formal parameters are initialized to NULL
. The datatype of an OUT
formal parameter cannot be a subtype defined as NOT
NULL
, such as the built-in subtypes NATURALN
and POSITIVEN
. Otherwise, when you call the subprogram, PL/SQL raises VALUE_ERROR
.
Before exiting a subprogram, assign values to all OUT
formal parameters. Otherwise, the corresponding actual parameters will be null. If you exit successfully, PL/SQL assigns values to the actual parameters. If you exit with an unhandled exception, PL/SQL does not assign values to the actual parameters.
An IN
OUT
parameter passes initial values to a subprogram and returns updated values to the caller. It can be assigned a value and its value can be read. Typically, an IN OUT
parameter is a string buffer or numeric accumulator, that is read inside the subprogram and then updated.
The actual parameter that corresponds to an IN
OUT
formal parameter must be a variable; it cannot be a constant or an expression.
If you exit a subprogram successfully, PL/SQL assigns values to the actual parameters. If you exit with an unhandled exception, PL/SQL does not assign values to the actual parameters.
Table 8-1 summarizes all you need to know about the parameter modes.
IN | OUT | IN OUT |
---|---|---|
The default | Must be specified | Must be specified |
Passes values to a subprogram | Returns values to the caller | Passes initial values to a subprogram and returns updated values to the caller |
Formal parameter acts like a constant | Formal parameter acts like an uninitialized variable | Formal parameter acts like an initialized variable |
Formal parameter cannot be assigned a value | Formal parameter must be assigned a value | Formal parameter should be assigned a value |
Actual parameter can be a constant, initialized variable, literal, or expression | Actual parameter must be a variable | Actual parameter must be a variable |
Actual parameter is passed by reference (a pointer to the value is passed in) | Actual parameter is passed by value (a copy of the value is passed out) unless NOCOPY is specified |
Actual parameter is passed by value (a copy of the value is passed in and out) unless NOCOPY is specified |
By initializing IN
parameters to default values, you can pass different numbers of actual parameters to a subprogram, accepting the default values for any parameters you omit. You can also add new formal parameters without having to change every call to the subprogram.
If a parameter is omitted, the default value of its corresponding formal parameter is used. You cannot skip a formal parameter by leaving out its actual parameter. To omit the first parameter and specify the second, use named notation.
You cannot assign a null to an uninitialized formal parameter by leaving out its actual parameter. You must pass the null explicitly, or you can specify a default value of NULL
in the declaration.
Example 8-7 illustrates the use of default values for subprogram parameters.
Example 8-7 Procedure with Default Parameter Values
DECLARE emp_num NUMBER(6) := 120; bonus NUMBER(6); merit NUMBER(4); PROCEDURE raise_salary (emp_id IN NUMBER, amount IN NUMBER DEFAULT 100, extra IN NUMBER DEFAULT 50) IS BEGIN UPDATE employees SET salary = salary + amount + extra WHERE employee_id = emp_id; END raise_salary; BEGIN raise_salary(120); -- same as raise_salary(120, 100, 50) raise_salary(emp_num, extra => 25); -- same as raise_salary(120, 100, 25) END; /
PL/SQL lets you overload subprogram names and type methods. You can use the same name for several different subprograms as long as their formal parameters differ in number, order, or datatype family. For an example of an overloaded procedure in a package, see Example 9-3.
Example 8-8 shows how you can define two subprograms with the same name. The procedures initialize different types of collections. Because the processing in these two procedures is the same, it is logical to give them the same name.
You can place the two overloaded initialize
procedures in the same block, subprogram, package, or object type. PL/SQL determines which procedure to call by checking their formal parameters. The version of initialize
that PL/SQL uses depends on whether you call the procedure with a DateTabTyp
or NumTabTyp
parameter.
Example 8-8 Overloading a Subprogram Name
DECLARE TYPE DateTabTyp IS TABLE OF DATE INDEX BY PLS_INTEGER; TYPE NumTabTyp IS TABLE OF NUMBER INDEX BY PLS_INTEGER; hiredate_tab DateTabTyp; sal_tab NumTabTyp; PROCEDURE initialize (tab OUT DateTabTyp, n INTEGER) IS BEGIN FOR i IN 1..n LOOP tab(i) := SYSDATE; END LOOP; END initialize; PROCEDURE initialize (tab OUT NumTabTyp, n INTEGER) IS BEGIN FOR i IN 1..n LOOP tab(i) := 0.0; END LOOP; END initialize; BEGIN initialize(hiredate_tab, 50); -- calls first (DateTabTyp) version initialize(sal_tab, 100); -- calls second (NumTabTyp) version END; /
You can overload two subprograms if their formal parameters differ only in numeric datatype. This technique might be useful in writing mathematical application programming interfaces (APIs), where several versions of a function could use the same name, each accepting a different numeric type. For example, a function accepting BINARY_FLOAT
might be faster, while a function accepting BINARY_DOUBLE
might provide more precision.
To avoid problems or unexpected results passing parameters to such overloaded subprograms:
Make sure to test that the expected version of a subprogram is called for each set of expected parameters. For example, if you have overloaded functions that accept BINARY_FLOAT
and BINARY_DOUBLE
, which is called if you pass a VARCHAR2
literal such as '5.0'?
Qualify numeric literals and use conversion functions to make clear what the intended parameter types are. For example, use literals such as 5.0f
(for BINARY_FLOAT
), 5.0d
(for BINARY_DOUBLE
), or conversion functions such as TO_BINARY_FLOAT()
, TO_BINARY_DOUBLE()
, and TO_NUMBER()
.
PL/SQL looks for matching numeric parameters starting with PLS_INTEGER
or BINARY_INTEGER
, then NUMBER
, then BINARY_FLOAT
, then BINARY_DOUBLE
. The first overloaded subprogram that matches the supplied parameters is used. A VARCHAR2
value can match a NUMBER
, BINARY_FLOAT
, or BINARY_DOUBLE
parameter.
For example, consider the SQRT
function, which takes a single parameter. There are overloaded versions that accept a NUMBER
, a BINARY_FLOAT
, or a BINARY_DOUBLE
parameter. If you pass a PLS_INTEGER
parameter, the first matching overload (using the order given in the preceding paragraph) is the one with a NUMBER
parameter, which is likely to be the slowest. To use one of the faster versions, use the TO_BINARY_FLOAT
or TO_BINARY_DOUBLE
functions to convert the parameter to the right datatype.
For another example, consider the ATAN2
function, which takes two parameters of the same type. If you pass two parameters of the same type, you can predict which overloaded version is used through the same rules as before. If you pass parameters of different types, for example one PLS_INTEGER
and one BINARY_FLOAT
, PL/SQL tries to find a match where both parameters use the higher type. In this case, that is the version of ATAN2
that takes two BINARY_FLOAT
parameters; the PLS_INTEGER
parameter is converted upwards.
The preference for converting upwards holds in more complicated situations. For example, you might have a complex function that takes two parameters of different types. One overloaded version might take a PLS_INTEGER
and a BINARY_FLOAT
parameter. Another overloaded version might take a NUMBER
and a BINARY_DOUBLE
parameter. What happens if you call this procedure name and pass two NUMBER
parameters? PL/SQL looks upward first to find the overloaded version where the second parameter is BINARY_FLOAT
. Because this parameter is a closer match than the BINARY_DOUBLE
parameter in the other overload, PL/SQL then looks downward and converts the first NUMBER
parameter to PLS_INTEGER
.
Only local or packaged subprograms, or type methods, can be overloaded. You cannot overload standalone subprograms.
You cannot overload two subprograms if their formal parameters differ only in name or parameter mode. For example, you cannot overload the following two procedures:
Example 8-9 Restrictions on Overloading PL/SQL Procedures
DECLARE PROCEDURE balance (acct_no IN INTEGER) IS BEGIN NULL; END; PROCEDURE balance (acct_no OUT INTEGER) IS BEGIN NULL; END; BEGIN DBMS_OUTPUT.PUT_LINE('The following procedure call raises an error.'); -- balance(100); raises an error because the procedure declaration is not unique END; /
You cannot overload subprograms whose parameters differ only in subtype. For example, you cannot overload procedures where one accepts an INTEGER
parameter and the other accepts a REAL
parameter, even though INTEGER
and REAL
are both subtypes of NUMBER
and so are in the same family.
You cannot overload two functions that differ only in the datatype of the return value, even if the types are in different families. For example, you cannot overload two functions where one returns BOOLEAN
and the other returns INTEGER
.
Figure 8-1 shows how the PL/SQL compiler resolves subprogram calls. When the compiler encounters a procedure or function call, it tries to find a declaration that matches the call. The compiler searches first in the current scope and then, if necessary, in successive enclosing scopes. The compiler looks more closely when it finds one or more subprogram declarations in which the subprogram name matches the name of the called subprogram.
To resolve a call among possibly like-named subprograms at the same level of scope, the compiler must find an exact match between the actual and formal parameters. They must match in number, order, and datatype (unless some formal parameters were assigned default values). If no match is found or if multiple matches are found, the compiler generates a semantic error.
Example 8-10 calls the enclosing procedure swap
from the function balance
, generating an error because neither declaration of swap
within the current scope matches the procedure call.
Example 8-10 Resolving PL/SQL Procedure Names
DECLARE PROCEDURE swap (n1 NUMBER, n2 NUMBER) IS num1 NUMBER; num2 NUMBER; FUNCTION balance (bal NUMBER) RETURN NUMBER IS x NUMBER := 10; PROCEDURE swap (d1 DATE, d2 DATE) IS BEGIN NULL; END; PROCEDURE swap (b1 BOOLEAN, b2 BOOLEAN) IS BEGIN NULL; END; BEGIN DBMS_OUTPUT.PUT_LINE('The following raises an error'); -- swap(num1, num2); wrong number or types of arguments in call to 'SWAP' RETURN x; END balance; BEGIN NULL;END swap; BEGIN NULL; END; /
The overloading algorithm allows substituting a subtype value for a formal parameter that is a supertype. This capability is known as substitutability. If more than one instance of an overloaded procedure matches the procedure call, the following rules apply to determine which procedure is called:
If the only difference in the signatures of the overloaded procedures is that some parameters are object types from the same supertype-subtype hierarchy, the closest match is used. The closest match is one where all the parameters are at least as close as any other overloaded instance, as determined by the depth of inheritance between the subtype and supertype, and at least one parameter is closer.
A semantic error occurs when two overloaded instances match, and some argument types are closer in one overloaded procedure to the actual arguments than in any other instance.
A semantic error also occurs if some parameters are different in their position within the object type hierarchy, and other parameters are of different datatypes so that an implicit conversion would be necessary.
For example, create a type hierarchy with three levels and then declare two overloaded instances of a function, where the only difference in argument types is their position in this type hierarchy, as shown in Example 8-11. We declare a variable of type final_t
, then call the overloaded function. The instance of the function that is executed is the one that accepts a sub_t
parameter, because that type is closer to final_t
in the hierarchy than super_t
is.
Example 8-11 Resolving PL/SQL Functions With Inheritance
CREATE OR REPLACE TYPE super_t AS OBJECT (n NUMBER) NOT final; / CREATE OR REPLACE TYPE sub_t UNDER super_t (n2 NUMBER) NOT final; / CREATE OR REPLACE TYPE final_t UNDER sub_t (n3 NUMBER); / CREATE OR REPLACE PACKAGE p IS FUNCTION func (arg super_t) RETURN NUMBER; FUNCTION func (arg sub_t) RETURN NUMBER; END; / CREATE OR REPLACE PACKAGE BODY p IS FUNCTION func (arg super_t) RETURN NUMBER IS BEGIN RETURN 1; END; FUNCTION func (arg sub_t) RETURN NUMBER IS BEGIN RETURN 2; END; END; / DECLARE v final_t := final_t(1,2,3); BEGIN DBMS_OUTPUT.PUT_LINE(p.func(v)); -- prints 2 END; /
In Example 8-11, the choice of which instance to call is made at compile time. In Example 8-12, this choice is made dynamically. We declare v
as an instance of super_t
, but because we assign a value of sub_t
to it, the appropriate instance of the function is called. This feature is known as dynamic dispatch.
Example 8-12 Resolving PL/SQL Functions With Inheritance Dynamically
CREATE TYPE super_t AS OBJECT (n NUMBER, MEMBER FUNCTION func RETURN NUMBER) NOT final; / CREATE TYPE BODY super_t AS MEMBER FUNCTION func RETURN NUMBER IS BEGIN RETURN 1; END; END; / CREATE OR REPLACE TYPE sub_t UNDER super_t (n2 NUMBER, OVERRIDING MEMBER FUNCTION func RETURN NUMBER) NOT final; / CREATE TYPE BODY sub_t AS OVERRIDING MEMBER FUNCTION func RETURN NUMBER IS BEGIN RETURN 2; END; END; / CREATE OR REPLACE TYPE final_t UNDER sub_t (n3 NUMBER); / DECLARE v super_t := final_t(1,2,3); BEGIN DBMS_OUTPUT.PUT_LINE(v.func); -- prints 2 END; /
By default, stored procedures and SQL methods execute with the privileges of their owner, not their current user. Such definer's rights subprograms are bound to the schema in which they reside, allowing you to refer to objects in the same schema without qualifying their names. For example, if schemas HR
and OE
both have a table called departments
, a procedure owned by HR
can refer to departments
rather than HR.departments
. If user OE
calls HR
's procedure, the procedure still accesses the departments
table owned by HR
.
If you compile the same procedure in both schemas, you can define the schema name as a variable in SQL*Plus and refer to the table like &schema..departments
. The code is portable, but if you change it, you must recompile it in each schema.
A more maintainable way is to use the AUTHID
clause, which makes stored procedures and SQL methods execute with the privileges and schema context of the calling user. You can create one instance of the procedure, and many users can call it to access their own data.
Such invoker's rights subprograms are not bound to a particular schema. The following version of procedure create_dept
executes with the privileges of the calling user and inserts rows into that user's departments
table:
Example 8-13 Specifying Invoker's Rights With a Procedure
CREATE OR REPLACE PROCEDURE create_dept ( v_deptno NUMBER, v_dname VARCHAR2, v_mgr NUMBER, v_loc NUMBER) AUTHID CURRENT_USER AS BEGIN INSERT INTO departments VALUES (v_deptno, v_dname, v_mgr, v_loc); END; / CALL create_dept(44, 'Information Technology', 200, 1700);
Invoker's rights subprograms let you reuse code and centralize application logic. They are especially useful in applications that store data using identical tables in different schemas. All the schemas in one instance can call procedures owned by a central schema. You can even have schemas in different instances call centralized procedures using a database link.
Consider a company that uses a stored procedure to analyze sales. If the company has several schemas, each with a similar SALES
table, normally it would also need several copies of the stored procedure, one in each schema.
To solve the problem, the company installs an invoker's rights version of the stored procedure in a central schema. Now, all the other schemas can call the same procedure, which queries the appropriate to SALES
table in each case.
You can restrict access to sensitive data by calling from an invoker's rights subprogram to a definer's rights subprogram that queries or updates the table containing the sensitive data. Although multiple users can call the invoker's rights subprogram, they do not have direct access to the sensitive data.
To implement invoker's rights, use the AUTHID
clause, which specifies whether a subprogram executes with the privileges of its owner or its current user. It also specifies whether external references (that is, references to objects outside the subprogram) are resolved in the schema of the owner or the current user.
The AUTHID
clause is allowed only in the header of a standalone subprogram, a package spec, or an object type spec. In the CREATE FUNCTION
, CREATE PROCEDURE
, CREATE PACKAGE
, or CREATE TYPE
statement, you can include either AUTHID CURRENT_USER
or AUTHID DEFINER
immediately before the IS
or AS
keyword that begins the declaration section.
DEFINER
is the default option. In a package or object type, the AUTHID
clause applies to all subprograms.
Most supplied PL/SQL packages (such as DBMS_LOB
, DBMS_PIPE
, DBMS_ROWID
, DBMS_SQL
, and UTL_REF
) are invoker's rights packages.
In a sequence of calls, whenever control is inside an invoker's rights subprogram, the current user is the session user. When a definer's rights subprogram is called, the owner of that subprogram becomes the current user. The current user might change as new subprograms are called or as subprograms exit.
To verify who the current user is at any time, you can check the USER_USERS
data dictionary view. Inside an invoker's rights subprogram, the value from this view might be different from the value of the USER
built-in function, which always returns the name of the session user.
If you specify AUTHID
CURRENT_USER
, the privileges of the current user are checked at run time, and external references are resolved in the schema of the current user. However, this applies only to external references in:
SELECT
, INSERT
, UPDATE
, and DELETE
data manipulation statements
The LOCK
TABLE
transaction control statement
OPEN
and OPEN-FOR
cursor control statements
EXECUTE
IMMEDIATE
and OPEN-FOR-USING
dynamic SQL statements
For all other statements, the privileges of the owner are checked at compile time, and external references are resolved in the schema of the owner. For example, the assignment statement in Example 8-14 refers to the packaged function num_above_salary
in the emp_actions
package in Example 1-13. This external reference is resolved in the schema of the owner of procedure above_salary
.
Example 8-14 Resolving External References in an Invoker's Rights Subprogram
CREATE PROCEDURE above_salary (emp_id IN NUMBER) AUTHID CURRENT_USER AS emps NUMBER; BEGIN emps := emp_actions.num_above_salary(emp_id); DBMS_OUTPUT.PUT_LINE( 'Number of employees with higher salary: ' || TO_CHAR(emps)); END; / CALL above_salary(120);
The PL/SQL compiler must resolve all references to tables and other objects at compile time. The owner of an invoker's rights subprogram must have objects in the same schema with the right names and columns, even if they do not contain any data. At run time, the corresponding objects in the caller's schema must have matching definitions. Otherwise, you get an error or unexpected results, such as ignoring table columns that exist in the caller's schema but not in the schema that contains the subprogram.
Occasionally, you might want an unqualified name to refer to some particular schema, not the schema of the caller. In the same schema as the invoker's rights subprogram, create a public synonym for the table, procedure, function, or other object using the CREATE
SYNONYM
statement:
CREATE PUBLIC SYNONYM emp FOR hr.employees;
When the invoker's rights subprogram refers to this name, it will match the synonym in its own schema, which resolves to the object in the specified schema. This technique does not work if the calling schema already has a schema object or private synonym with the same name. In that case, the invoker's rights subprogram must fully qualify the reference.
To call a subprogram directly, users must have the EXECUTE
privilege on that subprogram. By granting the privilege, you allow a user to:
Call the subprogram directly
Compile functions and procedures that call the subprogram
For external references resolved in the current user's schema (such as those in DML statements), the current user must have the privileges needed to access schema objects referenced by the subprogram. For all other external references (such as function calls), the owner's privileges are checked at compile time, and no run-time check is done.
A definer's rights subprogram operates under the security domain of its owner, no matter who is executing it. The owner must have the privileges needed to access schema objects referenced by the subprogram.
You can write a program consisting of multiple subprograms, some with definer's rights and others with invoker's rights. Then, you can use the EXECUTE
privilege to restrict program entry points. That way, users of an entry-point subprogram can execute the other subprograms indirectly but not directly.
Suppose user UTIL
grants the EXECUTE
privilege on subprogram FFT
to user APP
:
GRANT EXECUTE ON util.fft TO app;
Now, user APP
can compile functions and procedures that call subprogram FFT
. At run time, no privilege checks on the calls are done. As Figure 8-2 shows, user UTIL
need not grant the EXECUTE
privilege to every user who might call FFT
indirectly.
Since subprogram util.fft
is called directly only from invoker's rights subprogram app.entry
, user util
must grant the EXECUTE
privilege only to user APP
. When UTIL.FFT
is executed, its current user could be APP
, SCOTT
, or BLAKE
even though SCOTT
and BLAKE
were not granted the EXECUTE
privilege.
Figure 8-2 Indirect Calls to an Invoker's Rights Subprogram
The use of roles in a subprogram depends on whether it executes with definer's rights or invoker's rights. Within a definer's rights subprogram, all roles are disabled. Roles are not used for privilege checking, and you cannot set roles.
Within an invoker's rights subprogram, roles are enabled (unless the subprogram was called directly or indirectly by a definer's rights subprogram). Roles are used for privilege checking, and you can use native dynamic SQL to set roles for the session. However, you cannot use roles to grant privileges on template objects because roles apply at run time, not at compile time.
For invoker's rights subprograms executed within a view expression, the schema that created the view, not the schema that is querying the view, is considered to be the current user. This rule also applies to database triggers.
You can create a database link to use invoker's rights:
CREATE DATABASE LINK link_name CONNECT TO CURRENT_USER
USING connect_string;
A current-user link lets you connect to a remote database as another user, with that user's privileges. To connect, Oracle uses the username of the current user (who must be a global user). Suppose an invoker's rights subprogram owned by user OE
references the following database link. If global user HR
calls the subprogram, it connects to the Dallas database as user HR
, who is the current user.
CREATE DATABASE LINK dallas CONNECT TO CURRENT_USER USING
...
If it were a definer's rights subprogram, the current user would be OE
, and the subprogram would connect to the Dallas database as global user OE
.
To define object types for use in any schema, specify the AUTHID
CURRENT_USER
clause. For information on object types, see Oracle Database Application Developer's Guide - Object-Relational Features.
Suppose user HR
creates the following object type:
Example 8-15 Creating an Object Type With AUTHID CURRENT USER
CREATE TYPE person_typ AUTHID CURRENT_USER AS OBJECT ( person_id NUMBER, person_name VARCHAR2(30), person_job VARCHAR2(10), STATIC PROCEDURE new_person_typ ( person_id NUMBER, person_name VARCHAR2, person_job VARCHAR2, schema_name VARCHAR2, table_name VARCHAR2), MEMBER PROCEDURE change_job (SELF IN OUT NOCOPY person_typ, new_job VARCHAR2) ); / CREATE TYPE BODY person_typ AS STATIC PROCEDURE new_person_typ ( person_id NUMBER, person_name VARCHAR2, person_job VARCHAR2, schema_name VARCHAR2, table_name VARCHAR2) IS sql_stmt VARCHAR2(200); BEGIN sql_stmt := 'INSERT INTO ' || schema_name || '.' || table_name || ' VALUES (HR.person_typ(:1, :2, :3))'; EXECUTE IMMEDIATE sql_stmt USING person_id, person_name, person_job; END; MEMBER PROCEDURE change_job (SELF IN OUT NOCOPY person_typ, new_job VARCHAR2) IS BEGIN person_job := new_job; END; END; /
Then, user HR
grants the EXECUTE
privilege on object type person_typ
to user OE
:
GRANT EXECUTE ON person_typ TO OE;
Finally, user OE
creates an object table to store objects of type person_typ
, then calls procedure new_person_typ
to populate the table:
CONNECT oe/oe; CREATE TABLE person_tab OF hr.person_typ; BEGIN hr.person_typ.new_person_typ(1001, 'Jane Smith', 'CLERK', 'oe', 'person_tab'); hr.person_typ.new_person_typ(1002, 'Joe Perkins', 'SALES','oe', 'person_tab'); hr.person_typ.new_person_typ(1003, 'Robert Lange', 'DEV','oe', 'person_tab'); END; /
The calls succeed because the procedure executes with the privileges of its current user (OE
), not its owner (HR
).
For subtypes in an object type hierarchy, the following rules apply:
If a subtype does not explicitly specify an AUTHID
clause, it inherits the AUTHID
of its supertype.
If a subtype does specify an AUTHID
clause, its AUTHID
must match the AUTHID
of its supertype. Also, if the AUTHID
is DEFINER
, both the supertype and subtype must have been created in the same schema.
An invoker's rights instance method executes with the privileges of the invoker, not the creator of the instance. Suppose that person_typ
is an invoker's rights object type as created in Example 8-15, and that user HR
creates p1
, an object of type person_typ
. If user OE
calls instance method change_job
to operate on object p1
, the current user of the method is OE
, not HR
, as shown in Example 8-16.
Example 8-16 Calling an Invoker's Rights Instance Methods
-- oe creates a procedure that calls change_job CREATE PROCEDURE reassign (p IN OUT NOCOPY hr.person_typ, new_job VARCHAR2) AS BEGIN p.change_job(new_job); -- executes with the privileges of oe END; / -- OE grants EXECUTE to HR on procedure reassign GRANT EXECUTE ON reassign to HR; CONNECT hr/hr -- user hr passes a person_typ object to the procedure reassign DECLARE p1 person_typ; BEGIN p1 := person_typ(1004, 'June Washburn', 'SALES'); oe.reassign(p1, 'CLERK'); -- current user is oe, not hr END; /
Recursion is a powerful technique for simplifying the design of algorithms. Basically, recursion means self-reference. In a recursive mathematical sequence, each term is derived by applying a formula to preceding terms. The Fibonacci sequence (0, 1, 1, 2, 3, 5, 8, 13, 21, ...), is an example. Each term in the sequence (after the second) is the sum of the two terms that immediately precede it.
In a recursive definition, something is defined as simpler versions of itself. Consider the definition of n factorial (n!), the product of all integers from 1 to n:
n! = n * (n - 1)!
A recursive subprogram is one that calls itself. Each recursive call creates a new instance of any items declared in the subprogram, including parameters, variables, cursors, and exceptions. Likewise, new instances of SQL statements are created at each level in the recursive descent.
Be careful where you place a recursive call. If you place it inside a cursor FOR
loop or between OPEN
and CLOSE
statements, another cursor is opened at each call, which might exceed the limit set by the Oracle initialization parameter OPEN_CURSORS
.
There must be at least two paths through a recursive subprogram: one that leads to the recursive call and one that does not. At least one path must lead to a terminating condition. Otherwise, the recursion would go on until PL/SQL runs out of memory and raises the predefined exception STORAGE_ERROR
.
Although PL/SQL is a powerful, flexible language, some tasks are more easily done in another language. Low-level languages such as C are very fast. Widely used languages such as Java have reusable libraries for common design patterns.
You can use PL/SQL call specs to invoke external subprograms written in other languages, making their capabilities and libraries available from PL/SQL. For example, you can call Java stored procedures from any PL/SQL block, subprogram, or package. For more information about Java stored procedures, see Oracle Database Java Developer's Guide.
If the following Java class is stored in the database, it can be called as shown in Example 8-17.
import java.sql.*;
import oracle.jdbc.driver.*;
public class Adjuster {
public static void raiseSalary (int empNo, float percent)
throws SQLException {
Connection conn = new OracleDriver().defaultConnection();
String sql = "UPDATE employees SET salary = salary * ?
WHERE employee_id = ?";
try {
PreparedStatement pstmt = conn.prepareStatement(sql);
pstmt.setFloat(1, (1 + percent / 100));
pstmt.setInt(2, empNo);
pstmt.executeUpdate();
pstmt.close();
} catch (SQLException e)
{System.err.println(e.getMessage());}
}
}
The class Adjuster
has one method, which raises the salary of an employee by a given percentage. Because raiseSalary
is a void
method, you publish it as a procedure using the call specification shown inExample 8-17 and then can call the procedure raise_salary
from an anonymous PL/SQL block.
Example 8-17 Calling an External Procedure From PL/SQL
CREATE OR REPLACE PROCEDURE raise_salary (empid NUMBER, pct NUMBER) AS LANGUAGE JAVA NAME 'Adjuster.raiseSalary(int, float)'; / DECLARE emp_id NUMBER := 120; percent NUMBER := 10; BEGIN -- get values for emp_id and percent raise_salary(emp_id, percent); -- call external subprogram END; /
Java call specs cannot be declared as nested procedures, but can be specified in object type specifications, object type bodies, PL/SQL package specifications, PL/SQL package bodies, and as top level PL/SQL procedures and functions.
Example 8-18 shows a call to a Java function from a PL/SQL procedure.
Example 8-18 Calling a Java Function From PL/SQL
-- the following nested Java call spec is not valid, throws PLS-00999 -- CREATE PROCEDURE sleep (milli_seconds in number) IS -- PROCEDURE java_sleep (milli_seconds IN NUMBER) AS ... -- first, create the Java call spec, then call from a PL/SQL procedure CREATE PROCEDURE java_sleep (milli_seconds IN NUMBER) AS LANGUAGE JAVA NAME 'java.lang.Thread.sleep(long)'; / CREATE PROCEDURE sleep (milli_seconds in number) IS -- the following nested PROCEDURE spec is not legal -- PROCEDURE java_sleep (milli_seconds IN NUMBER) -- AS LANGUAGE JAVA NAME 'java.lang.Thread.sleep(long)'; BEGIN DBMS_OUTPUT.PUT_LINE(DBMS_UTILITY.get_time()); java_sleep (milli_seconds); DBMS_OUTPUT.PUT_LINE(DBMS_UTILITY.get_time()); END; /
External C subprograms are used to interface with embedded systems, solve engineering problems, analyze data, or control real-time devices and processes. External C subprograms extend the functionality of the database server, and move computation-bound programs from client to server, where they execute faster. For more information about external C subprograms, see Oracle Database Application Developer's Guide - Fundamentals.
To be callable from SQL statements, a stored function (and any subprograms called by that function) must obey certain purity rules, which are meant to control side effects:
When called from a SELECT
statement or a parallelized INSERT
, UPDATE
, or DELETE
statement, the function cannot modify any database tables.
When called from an INSERT
, UPDATE
, or DELETE
statement, the function cannot query or modify any database tables modified by that statement.
When called from a SELECT
, INSERT
, UPDATE
, or DELETE
statement, the function cannot execute SQL transaction control statements (such as COMMIT
), session control statements (such as SET
ROLE
), or system control statements (such as ALTER
SYSTEM
). Also, it cannot execute DDL statements (such as CREATE
) because they are followed by an automatic commit.
If any SQL statement inside the function body violates a rule, you get an error at run time (when the statement is parsed).
To check for violations of the rules, you can use the pragma (compiler directive) RESTRICT_REFERENCES
. The pragma asserts that a function does not read or write database tables or package variables. For example, the following pragma asserts that packaged function credit_ok
writes no database state (WNDS
) and reads no package state (RNPS
):
CREATE PACKAGE loans AS FUNCTION credit_ok RETURN BOOLEAN; PRAGMA RESTRICT_REFERENCES (credit_ok, WNDS, RNPS); END loans; /
A static INSERT
, UPDATE
, or DELETE
statement always violates WNDS
. It also violates RNDS
(reads no database state) if it reads any columns. A dynamic INSERT
, UPDATE
, or DELETE
statement always violates WNDS
and RNDS
.
For syntax details, see "RESTRICT_REFERENCES Pragma". For more information about the purity rules, see Oracle Database Application Developer's Guide - Fundamentals.
To optimize a subprogram call, the PL/SQL compiler can choose between two methods of parameter passing. With the by-value method, the value of an actual parameter is passed to the subprogram. With the by-reference method, only a pointer to the value is passed; the actual and formal parameters reference the same item.
The NOCOPY
compiler hint increases the possibility of aliasing (that is, having two different names refer to the same memory location). This can occur when a global variable appears as an actual parameter in a subprogram call and then is referenced within the subprogram. The result is indeterminate because it depends on the method of parameter passing chosen by the compiler.
In Example 8-19, procedure ADD_ENTRY
refers to varray LEXICON
both as a parameter and as a global variable. When ADD_ENTRY
is called, the identifiers WORD_LIST
and LEXICON
point to the same varray.
Example 8-19 Aliasing from Passing Global Variable with NOCOPY Hint
DECLARE TYPE Definition IS RECORD ( word VARCHAR2(20), meaning VARCHAR2(200)); TYPE Dictionary IS VARRAY(2000) OF Definition; lexicon Dictionary := Dictionary(); PROCEDURE add_entry (word_list IN OUT NOCOPY Dictionary) IS BEGIN word_list(1).word := 'aardvark'; lexicon(1).word := 'aardwolf'; END; BEGIN lexicon.EXTEND; add_entry(lexicon); DBMS_OUTPUT.PUT_LINE(lexicon(1).word); END; /
The program prints aardwolf
if the compiler obeys the NOCOPY
hint. The assignment to WORD_LIST
is done immediately through a pointer, then is overwritten by the assignment to LEXICON
.
The program prints aardvark
if the NOCOPY
hint is omitted, or if the compiler does not obey the hint. The assignment to WORD_LIST
uses an internal copy of the varray, which is copied back to the actual parameter (overwriting the contents of LEXICON
) when the procedure ends.
Aliasing can also occur when the same actual parameter appears more than once in a subprogram call. In Example 8-20, n2
is an IN
OUT
parameter, so the value of the actual parameter is not updated until the procedure exits. That is why the first PUT_LINE
prints 10 (the initial value of n
) and the third PUT_LINE
prints 20. However, n3
is a NOCOPY
parameter, so the value of the actual parameter is updated immediately. That is why the second PUT_LINE
prints 30.
Example 8-20 Aliasing Passing Same Parameter Multiple Times
DECLARE n NUMBER := 10; PROCEDURE do_something ( n1 IN NUMBER, n2 IN OUT NUMBER, n3 IN OUT NOCOPY NUMBER) IS BEGIN n2 := 20; DBMS_OUTPUT.put_line(n1); -- prints 10 n3 := 30; DBMS_OUTPUT.put_line(n1); -- prints 30 END; BEGIN do_something(n, n, n); DBMS_OUTPUT.put_line(n); -- prints 20 END; /
Because they are pointers, cursor variables also increase the possibility of aliasing. In Example 8-21, after the assignment, emp_cv2
is an alias of emp_cv1
; both point to the same query work area. The first fetch from emp_cv2
fetches the third row, not the first, because the first two rows were already fetched from emp_cv1
. The second fetch from emp_cv2
fails because emp_cv1
is closed.
Example 8-21 Aliasing from Assigning Cursor Variables to Same Work Area
DECLARE TYPE EmpCurTyp IS REF CURSOR; c1 EmpCurTyp; c2 EmpCurTyp; PROCEDURE get_emp_data (emp_cv1 IN OUT EmpCurTyp, emp_cv2 IN OUT EmpCurTyp) IS emp_rec employees%ROWTYPE; BEGIN OPEN emp_cv1 FOR SELECT * FROM employees; emp_cv2 := emp_cv1; FETCH emp_cv1 INTO emp_rec; -- fetches first row FETCH emp_cv1 INTO emp_rec; -- fetches second row FETCH emp_cv2 INTO emp_rec; -- fetches third row CLOSE emp_cv1; DBMS_OUTPUT.put_line('The following raises an invalid cursor'); -- FETCH emp_cv2 INTO emp_rec; raises invalid cursor when get_emp_data is called END; BEGIN get_emp_data(c1, c2); END; /