SQL_SET_QUERY_PARAMETER
Applies to: ORAFlex SQLFlex MYSQLFlex PGFlex DB2Flex
Use this command to set the value of the parameters that are defined in your SQL query. Each backend uses a different syntax for parameterized queries, but all have the same goal of removing the risk of SQL injection attacks. Oracle and PostgreSQL allow named parameters, which this command supports: pass the parameter name as a string (without the syntactic sugar) as the first parameter. For MS SQL and MySQL only positional parameters are supported, and the first parameter to this command should be an integer containing the ordinal position of the parameter.
Syntax
SQL_SET_QUERY_PARAMETER {param} to {variable}
Parameter | Description |
---|---|
param | Either a string containing the named parameter or an integer of its ordinal position. |
variable/constant | Variable or constant holding the parameter to be passed. |
Example
SQL_SET_STMT "Select name from Customer where status = ? and city = ?"
SQL_SET_QUERY_PARAMETER 1 to "Y"
SQL_SET_QUERY_PARAMETER 2 to "Fresno"
SQL_EXECUTE_STMT
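
The binding behaviour described above, as an added example that is not part of the Flex drivers or this documentation. It uses Python's `sqlite3` as a stand-in backend because it accepts both positional (`?`) and named (`:name`) markers. The data rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and columns follow the page's example query.
ROWS = [("Ann", "Y", "Fresno"), ("Bob", "N", "Fresno"),
        ("Cy", "Y", "Reno"), ("Dee", "Y", "O'Neals")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customer (name TEXT, status TEXT, city TEXT)")
    db.executemany("INSERT INTO Customer VALUES (?, ?, ?)", ROWS)
    return db

def by_position(db, status, city):
    # Ordinal binding: values are matched to the ? markers by position (1, 2).
    sql = "SELECT name FROM Customer WHERE status = ? AND city = ?"
    return [r[0] for r in db.execute(sql, (status, city))]

def by_name(db, status, city):
    # Named binding: the statement carries :status and :city, the caller
    # supplies the bare names without the leading colon.
    sql = "SELECT name FROM Customer WHERE status = :status AND city = :city"
    return [r[0] for r in db.execute(sql, {"status": status, "city": city})]

def by_concatenation(db, status, city):
    # Unsafe pattern, shown only for contrast: the value becomes SQL text.
    sql = ("SELECT name FROM Customer WHERE status = '" + status +
           "' AND city = '" + city + "'")
    return [r[0] for r in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    odd_city = "Fresno' OR '1'='1"  # constructed input containing quotes
    print(by_position(db, "Y", "Fresno"))    # bound by ordinal position
    print(by_name(db, "Y", "Fresno"))        # bound by name
    print(by_position(db, "Y", "O'Neals"))   # apostrophe is plain data
    print(by_position(db, "Y", odd_city))    # compared literally, no match
    print(by_concatenation(db, "Y", odd_city))  # WHERE clause was rewritten
    try:
        by_concatenation(db, "Y", "O'Neals")
    except sqlite3.OperationalError as exc:
        print("concatenation breaks on a legitimate value:", exc)
```

A bound value is never parsed as SQL, so the same mechanism that blocks injection also keeps legitimate values containing quote characters from breaking the statement.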