G-8310: Always validate input parameter size by assigning the parameter to a size limited variable in the declaration section of program unit.
Minor
Maintainability, Reliability, Reusability, Testability
Reason
This technique raises an error (value_error) which may not be handled in the called program unit. This is the right way to do it, as the error is not within this unit but when calling it, so the caller should handle the error.
Example (bad)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | create or replace package body department_api is function dept_by_name (in_dept_name in department.department_name%type) return department%rowtype is l_return department%rowtype; begin if in_dept_name is null or length(in_dept_name) > 20 then raise err.e_param_to_large; end if; -- get the department by name select * from department where department_name = in_dept_name; return l_return; end dept_by_name; end department_api; / |
Example (good)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | create or replace package body department_api is function dept_by_name (in_dept_name in department.department_name%type) return department%rowtype is l_dept_name department.department_name%type not null := in_dept_name; l_return department%rowtype; begin -- get the department by name select * from department where department_name = l_dept_name; return l_return; end dept_by_name; end department_api; / |
Function call
1 2 3 4 5 | ... r_deparment := department_api.dept_by_name('Far to long name of a department'); ... exception when value_error then ... |