The body consists of a declaration section, an execution section and an exception section, similar to a general PL/SQL Block.
A procedure is similar to an anonymous PL/SQL Block but it is named for repeated usage.
Secondly, the use of parameter markers greatly reduces the opportunity for any SQL injection threat to occur. INTO form doesn’t work in dynamic SQL, so you must use a cursor.
So that’s how we can dynamically handle direct “set at a time” updates and deletes. So imagine that in the example we just looked at, rather than updating all rows that met the WHERE clause selection criteria immediately, there was a bit more RPG logic that had to take place before the update happened (e.g., perhaps a user must manually enter the information about how much each employee’s salary change would be).
Note that parameter markers can’t be used with the EXECUTE IMMEDIATE statement.
This approach does require a little more code—at least in this example—but it provides two advantages.
In that case, the statements could look something like this:

    D SelectStmt      C                   'SELECT Name, Dept, HireDate, +
    D                                     Job, Sal FROM EmplTable WHERE '
    D ForUpdate       C                   ' For Update of Sal'

      Select;
        When UpdByDept;
          Stmt = SelectStmt + 'Dept = ?