When the CDS database view of a
client-specific CDS view is accessed using Native
SQL and the client handling of the view is specified by the annotation @ClientHandling.algorithm:#SESSION_VARIABLE, the
session variable$session.client is generally evaluated here. Only on
SAP HANA databases, is
an instance of this session variable is created as a HANA session variable CDS_CLIENT. Its current value is used here. On other platforms, there can be unexpected behavior or the program may crash.
Alongside ADBC, it is also possible to embed Native
SQL statically between EXEC SQL and
ENDEXEC in ABAP programs. The recommendation, however, is to use ADBC.
While the static embedding of Native SQL offers exclusively static access to the Native SQL interface, ADBC makes modern object-oriented and dynamic access possible.
New developments and improvements, such as optimized performance using bulk access across internal tables, are now made only for ADBC.
The existing static embedding of Native SQL statements is still supported but should no longer be used in new programs.
If used wrongly, dynamic programming techniques can present a serious security risk. Any dynamic
content that is passed to a program from the outside must be checked thoroughly or escaped before being
used in dynamic statements. This can be done using the system class CL_ABAP_DYN_PRG
or the predefined function escape.
To be sure of stopping SQL
injections in ADBC, no parts of an SQL command that is not an operand position can come from outside
of the program. Variable parts in operand positions can only be implemented using ?
placeholders and the associated SET_PARAM methods, which in ADBC are not just possible in prepared statements, unlike in JDBC.