ABSTRACT
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database. Dynamically generated SQL statements are semantically changed by the attacker who adds code. The paper describes how, by following Oracle recommendations, we can write PL/SQL code that is resistant to SQL injection attacks.