How to check for valid oracle table name using sql/plsql

Question

I need to check if a string contains a valid Oracle table name using sql/plsql. The criteria I found for a Oracle table name are these:

The table name must begin with a letter.
The table name can not be longer than 30 characters.
The table name must be made up of alphanumeric characters or the following special characters: $, _, and #.
The table name can not be a reserved word.

Criteria 1,2,3 don't seem so hard to tackle. But what about point 4? What are my options without trying to actually create a table with the given name and then see if it succeeds or fails.

The rules are a little more complicated than rules 1-3, you can have nearly any string for a table as long as it is enclosed by double quotes (you can create a table with non-ASCII characters). You should use dbms_assert as suggested by Jim Hudson in place of rules 1-3 (in addition to check for reserved words). — Vincent Malgrat
– Vincent Malgrat, Commented Aug 21, 2009 at 14:36

Jim Hudson · Accepted Answer · 2009-08-21 14:15:51Z

7

Oracle has a built-in that's useful for checking whether a SQL Name is valid. That's especially useful when building dynamic queries where you need to prevent SQL Injection.

Check out the dbms_assert.simple_sql_name built-in, and see the Oracle white paper at How to Write Injection Proof PL/SQL for more details.

v$reserved_words is also useful, as others have noted.

answered Aug 21, 2009 at 14:15

Jim Hudson

8,0992 gold badges26 silver badges15 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

Rob van Wijk Over a year ago

+1 For suggesting to use a builtin. Note that dbms_assert is only available in Oracle11.

Vincent Malgrat Over a year ago

Hi Rob, apparently the package was backported to all versions of Oracle (down to 8.1.7.4) in a patch in 2005 (to deal with SQL injection threats). It is definetely available on a new 10gR2 instance while at the same time absent from the 10gr2 doc. Cheers.

MT0 Oct 7 at 7:34

The link is dead.

Ian Carpenter · Accepted Answer · 2009-08-21 13:41:31Z

6

For SQL reserved words you can check v$reserved_words. Here the link from the documentation

answered Aug 21, 2009 at 13:41

Ian Carpenter

8,6566 gold badges55 silver badges86 bronze badges

1 Comment

jva Over a year ago

Sucks that in Oracle 9i this view contains only KEYWORD and LENGTH.

cagcowboy · Accepted Answer · 2009-08-21 13:40:08Z

0

I have a SQL_RESERVED_WORDS table that I check against.

EDIT:

(I lied... it was just a SYNONYMN for the table in carpenteri's post)

answered Aug 21, 2009 at 13:40

cagcowboy

31.1k11 gold badges75 silver badges95 bronze badges

Comments

Gren · Accepted Answer · 2009-08-21 13:42:25Z

0

It is a fairly large list to check. Can you simply add a default prefix to the tables and avoid these problems all together? user_xxx

answered Aug 21, 2009 at 13:42

Gren

5732 silver badges9 bronze badges

Collectives™ on Stack Overflow

How to check for valid oracle table name using sql/plsql

4 Answers 4

3 Comments

1 Comment

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

3 Comments

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related