May 2004
Intermediate to advanced
888 pages
22h 31m
English
When executing SQL code, it’s highly unlikely that the SQL statement values will be hard-coded as in Listing 19.2, which searched on Canadian customers. What if we wanted to search on German or Mexican customers? The query would have to somehow support dynamic specification of the search criteria. This is done through parameterized queries. In a parameterized query, a placeholder is put in the query statement where the hard-coded search criteria initially resided. Consider the following SQL statement:
c_cmd = 'SELECT * FROM customers WHERE country = @country
In this SQL statement, instead of hard-coding a country name, a parameter is specified using the at symbol (@) prefix to the parameter name (@country ...
Read now
Unlock full access