ABAP Keyword Documentation →  ABAP Programming Guidelines →  Robust ABAP →  Dynamic Programming Techniques → 

Using Dynamic Programming Techniques

Background

The use of dynamic programming techniques includes the following:

In this sense, handling reference variables can also be considered a dynamic technique. The dynamic type (the object to which the reference refers) can be more specific than the static type of the variable, which entails polymorphic behavior and becomes apparent during assignments in the form upcasts or downcasts.

Rule

Use dynamic programming techniques with care

Use dynamic programming techniques only when this is necessary and reasonable. Use only as many dynamic language elements as required to carry out the assigned task.

Details

The advantage of dynamic programming techniques is an increased flexibility when creating programs. Dynamic programming techniques enable flexible and generic services to be developed that meet various requirements. The price to be paid for this advantage is that dynamic programming techniques may decrease the static checkability, legibility, maintainability, testability, performance, and also security. Security standards may even prohibit the use of high-risk dynamic programming techniques.

This section describes various dynamic programming techniques. These range from using strings, which we explicitly recommend, and using internal tables, which form a basis of ABAP programming, to generating entire programs, which we advise against. The higher the dynamics, the more comprehensive the precautionary measures to be taken when using these techniques. Already the simple access to data objects involves a corresponding partial aspect, which was addressed in the rule for Runtime Errors when Accessing Data Objects. The rules in this section extend such specific rules and provide a more general framework.

Always consider the following aspects when deploying dynamic techniques:

If used wrongly, dynamic programming techniques can present a serious security risk. Any dynamic content that is passed to a program from the outside must be checked thoroughly or escaped before being used in dynamic statements. This can be done using the system class CL_ABAP_DYN_PRG or the predefined function escape.

The significance of these aspects differs for the various dynamic programming techniques. For example, a program that uses strings is by no means more complex than a program that works only with text fields. In such a case, a range of details must nevertheless be taken into account.