The DBMS_ASSERT package was introduced in Oracle 10g Release 2 and backported to Release 1 in the Oracle October 2005 Critical Patch Update. There are currently no references to this package in the 10g Release 2 documentation or on Metalink. The package contains a number of functions that can be used to sanitize user input and help to guard against SQL injection in applications that don't use bind variables.
Enquotes a string literal
Encloses a name in double quotes
Returns the value without any checking
Verifies that the input string is a qualified SQL name
Verifies that the input string is an existing schema name
Verifies that the input string is a simple SQL name
Verifies that the input parameter string is a qualified SQL identifier of an existing SQL object
It is this DBMS_Assert Package that that guarantees immunity to SQL Injection.