I have created a procedure using the following code using iSQL Plus on Firefox. The procedure compiles successfully.
create or replace procedure get_staff (
product_no in varchar2,
o_cursor out sys_refcursor)
is
begin
open o_cursor for
'select sr.name, sr.bonus from sales_staff sr inner join product p on p.sales_staff_id = sr.staff_id where product_no = ' || product_no ;
end;
I am trying to call this procedure using the following code
var rc refcursor
exec get_staff('A56',:rc)
print rc
I get the following error.
ERROR at line 1:
ORA-00904: "A56": invalid identifier
ORA-06512: at "AA2850.GET_STAFF", line 6
ORA-06512: at line 1
ERROR:
ORA-24338: statement handle not executed
SP2-0625: Error printing variable "rc"
in the case you have, there's no need for dynamic sql:
open o_cursor for
select sr.name, sr.bonus
from sales_staff sr
inner join product p
on p.sales_staff_id = sr.staff_id
where p.product_no = product_no;
if you were using dynamic SQL then ideally you would in most cases want to bind:
open o_cursor for
'select sr.name, sr.bonus
from sales_staff sr
inner join product p
on p.sales_staff_id = sr.staff_id
where p.product_no = :b1' using product_no;
failing that (edge cases, sometimes you want to avoid bind variables for skewed data), varchar2s need enclosing in quotes:
open o_cursor for
'select sr.name, sr.bonus
from sales_staff sr
inner join product p
on p.sales_staff_id = sr.staff_id
where p.product_no = ''' ||product_no||'''';
but you should escape single quotes and validate that product_no has no semi colons etc (i.e. careful of SQL injection)