oracle dynamic sql evaluate expression in where clause

Question

I am trying to pass an expression into the WHERE clause of my query using dynamic SQL. The expression can contain multiple filters/columns.

Similar to other posts on SO, the following (example 1) works:

DECLARE
    where_expression VARCHAR2(40) := q'[filter_column = 'some_value')]';
    plsql_block VARCHAR2(500);

BEGIN
    plsql_block := 'SELECT column FROM mytable';

    EXECUTE IMMEDIATE plsql_block || ' WHERE ' || where_expression;

END;
/

And this approach (example 2) using placeholders does not work:

DECLARE
    where_expression VARCHAR2(40) := q'[filter_column = 'some_value')]';
    plsql_block VARCHAR2(500);

BEGIN
    plsql_block := 'SELECT column FROM mytable WHERE :a';

    EXECUTE IMMEDIATE plsql_block USING where_expression;

END;
/

Oracle returns an error: ORA-00920: invalid relational operator at line 8 (EXEC statement).

What am I doing wrong in example 2 and what's the correct way with placeholders?

Answer 1

What am I doing wrong in example 2 and what's the correct way with placeholders?

The placeholder syntax is for passing values to be checked when the statement is executed. The expected usage is something like this:

DECLARE
    v_out_1     varchar2(32);
    v_out_2     varchar2(32);
    plsql_block VARCHAR2(500);

BEGIN
    plsql_block := 'SELECT column FROM mytable WHERE filter_column = :a';

    EXECUTE IMMEDIATE plsql_block INTO v_out_1 USING 'some value';

    EXECUTE IMMEDIATE plsql_block INTO v_out_2 USING 'another value';
END;
/

Answer 2

Whitelist the possible filter columns in a CASE expression:

DECLARE
  v_out        VARCHAR2(32);
  column_name  VARCHAR2(30) := 'COLUMN1';
  column_value VARCHAR2(30) := 'value1';
  sql          VARCHAR2(500);
BEGIN
  sql := 'SELECT column
          FROM   mytable
          WHERE  CASE :name
                 WHEN ''COLUMN1'' THEN column1
                 WHEN ''COLUMN2'' THEN column2
                 WHEN ''COLUMN3'' THEN column3
                 END = :value';

  EXECUTE IMMEDIATE sql INTO v_out USING column_name, column_value;
END;
/