ApEx:SQL injection
From OWASP
Use bind variables (:) rather than substitution variables (&).
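The difference, shown as an added example that is not part of the original OWASP page. The page items P1_SEARCH, P1_JOB and P1_EMPNO and the EMP table are assumed names used only for illustration.

```sql
-- Constructed example: item and table names are hypothetical.

-- Report region source, vulnerable form.
-- APEX replaces &P1_SEARCH. with the item's text before the statement
-- is parsed, so the submitted value becomes part of the SQL text itself.
select empno, ename, job
  from emp
 where ename like '%&P1_SEARCH.%';

-- Report region source, hardened form.
-- :P1_SEARCH is bound after parsing and is only ever treated as data,
-- so its content cannot change the structure of the statement.
select empno, ename, job
  from emp
 where ename like '%' || :P1_SEARCH || '%';

-- PL/SQL page process, vulnerable form.
-- Both the quoted string and the unquoted number are textual
-- substitutions and are parsed as SQL.
begin
  update emp
     set job = '&P1_JOB.'
   where empno = &P1_EMPNO.;
end;
/

-- PL/SQL page process, hardened form.
-- No quoting is needed: the bind values never pass through the parser.
begin
  update emp
     set job = :P1_JOB
   where empno = :P1_EMPNO;
end;
/
```

When reviewing an application export, any `&ITEM.` reference inside a SQL or PL/SQL source attribute is a candidate for replacement with `:ITEM`.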
References
At KScope 2013, a presentation was given about SQL Injection in Oracle APEX applications. The two demonstrations given during this presentation are available as videos: