Dynamic SQL in application code is INCORRECTLY used 99% of the time.
What makes you think that your approach and code are the 1% exception in this case?
Keep in mind that data models are STATIC. Not dynamic. Which begs the question what your app code is doing with dynamic SQL?
If you want a reporting engine/framework that can be applied to any application (and data model), then consider a proper framework such as http://apex.oracle.com - instead of trying (and failing) using dynamic SQL, and creating security holes ripe for SQL injection.
Thanks for a quick response
I agree with you. I am building an application in Oracle Apex for Developers only and not for general users. Where they might be passing some Dynamic Query.
Apex handles dynamic SQL pretty well - e.g. for a classic report you can supply a user function that needs to be called at run-time, that returns a SQL text statement (with Apex item and session bind variables) for the reporting region to execute and render.
The bad idea (which I unfortunately seen way more than I like) is to use a dynamic PL/SQL region, chucking a dynamic SQL in there, and adding code to dynamically render the SQL's output as a HTML table of sorts. Maintenance nightmare. Defies basic Apex theme and CSS standards. And often quite dangerous security wise.
I suggest posting the requirement behind this "let's use dynamic SQL" to Oracle Application Express (APEX) and see what the forum members can contribute ito a technical solution.