Use of XECUTE
command can be used to execute arbitrary commands from, for instance, string
xecute "do ..something()"
However, this has both security and performance implications:
- Security: the command to be executed may be a user input; if validation is not performed thoroughly, malicious code may be executed.
- Performance: the string input needs to be constructed (if not a single string literal but a concatenation of strings, for instnace) and evaluated.
For these reasons, you should avoid using
XECUTE and use a
proper set of commands instead.