I'm supposed to write a stored procedure that will update a production database given a table name, column name, and value as inputs. This seems like a bad idea to me because of security, performance, and debugging issues, but my boss is pretty insistent.
Is it actually a bad idea? If so, is there somewhere authoritative I could go to prove it? I've searched the Oracle documentation but I can't find something that explicitly says to avoid this.
|