Reputation: 31
Trying to set up a specific security test case. The idea was to create a package that could be called from PL/SQL using a SELECT statement. The package works and creates the table, but when I run SELECT evil_pkg.CreateTab() FROM DUAL
in Oracle SQL Developer I get
ORA-00904: "EVIL_PKG"."CREATETAB": invalid identifier
00904. 00000 - "%s: invalid identifier"
*Cause:
*Action:
Error at Line: 41 Column: 8
Is there any way this is possible to do? The aim here is to execute the package in this particular way, not just to execute the package.
This is the package:
-- Specification
CREATE OR REPLACE PACKAGE evil_pkg AS
  PROCEDURE CreateTab;
END evil_pkg;
/
-- Body
CREATE OR REPLACE PACKAGE BODY evil_pkg AS
  PROCEDURE CreateTab
  AS
  BEGIN
    -- DDL has to go through dynamic SQL inside PL/SQL
    EXECUTE IMMEDIATE 'CREATE TABLE my_evil_table (id number) ';
    COMMIT;
  EXCEPTION
    WHEN OTHERS THEN
      -- Print the error and where it was raised, then re-raise it
      DBMS_OUTPUT.PUT_LINE(SQLERRM);
      DBMS_OUTPUT.PUT_LINE(DBMS_UTILITY.FORMAT_ERROR_BACKTRACE);
      ROLLBACK;
      RAISE;
  END CreateTab;
END evil_pkg;
/
Upvotes: 0
Views: 2696
Reputation: 4375
A procedure inside a package cannot be called from SQL.
If you convert your procedure into a function (that maybe returns true or false, or returns a value), then that can be called from SQL.
You can see the discussion here as well to further your understanding.
Upvotes: 1
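A defensive corollary of the answer above, as an added example that is not part of the original thread: a function is reachable from any SELECT its caller can run, and although Oracle rejects DDL or COMMIT inside a function called from a query (ORA-14552), a function compiled as an autonomous transaction is exempt. The query below assumes read access to the DBA_SOURCE, DBA_PROCEDURES and DBA_TAB_PRIVS dictionary views and lists such code together with who may execute it.

```sql
-- Added audit example; not code from the question or the answer.
-- Assumption: the session can read DBA_SOURCE, DBA_PROCEDURES, DBA_TAB_PRIVS.
-- Flags standalone functions and package bodies whose source contains BOTH
-- an autonomous-transaction pragma and dynamic SQL, i.e. code that can
-- change the database when it is reached from a plain SELECT.
WITH flagged AS (
    SELECT s.owner,
           s.name,
           s.type,
           MAX(CASE WHEN REGEXP_LIKE(s.text, 'PRAGMA\s+AUTONOMOUS_TRANSACTION', 'i')
                    THEN 1 ELSE 0 END) AS has_autonomous,
           MAX(CASE WHEN REGEXP_LIKE(s.text, 'EXECUTE\s+IMMEDIATE|DBMS_SQL\.', 'i')
                    THEN 1 ELSE 0 END) AS has_dynamic_sql
    FROM   dba_source s
    WHERE  s.type IN ('FUNCTION', 'PACKAGE BODY')
    AND    s.owner NOT IN ('SYS', 'SYSTEM')   -- widen or narrow to taste
    GROUP  BY s.owner, s.name, s.type
)
SELECT f.owner,
       f.name,
       f.type,
       -- DEFINER: runs with the owner's privileges, not the caller's
       (SELECT MAX(p.authid)
        FROM   dba_procedures p
        WHERE  p.owner = f.owner
        AND    p.object_name = f.name) AS authid,
       -- Accounts and roles holding EXECUTE on the object
       (SELECT LISTAGG(t.grantee, ', ') WITHIN GROUP (ORDER BY t.grantee)
        FROM   dba_tab_privs t
        WHERE  t.owner = f.owner
        AND    t.table_name = f.name
        AND    t.privilege = 'EXECUTE') AS execute_grantees
FROM   flagged f
WHERE  f.has_autonomous = 1
AND    f.has_dynamic_sql = 1
ORDER  BY f.owner, f.name;
```

The match is line-based and coarse: it reports a whole package body even when the pragma sits in a procedure rather than a function, and it cannot see into wrapped source, so treat each hit as a starting point for manual review.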