Questions tagged [parameterized-query]

A pre-compiled and optimized SQL statement that can be executed multiple times by changing certain constant values during each execution. Often used to prevent SQL injection.

A parameterized query or prepared statement is a pre-compiled and optimized SQL statement that is in the form of a template where only certain constant values (parameters) can be changed. It can be executed multiple times by changing the parameters during each execution. A parameterized query looks like

SELECT itemName FROM Product WHERE manufactureDate BETWEEN ? AND ?

The ? placeholders are the parameters that are substituted with the values provided during each execution. In the above example they are the from date and the to date.

The advantages of a parameterized query are

  • No compiling and optimizing overhead for subsequent executions of the statement
  • SQL injection is not possible, because the statement text is sent to and parsed by the database server separately from any parameter values
301 questions
0 votes, 1 answer

select, update Query C# error

I am importing an Excel file into a SQL database. Working code I am using is: public static void ImportToSql(string excelfilepath) { string ssqltable = "Inventory"; string myexceldataquery = "select LocalSKU,QOH from…
user2525244
0 votes, 1 answer

Import Excel .xlsx file into SQL Server: difficulty in updating table

I am importing an Excel file into a SQL Server database. The code works fine, but the way I am doing it currently is deleting (clearing) the table data. string ssqltable = "tStudent"; string myexceldataquery = "select…
user2525244
0 votes, 1 answer

PHP parameterized query on filtered query

I am building a query based on filters that are being applied by the user. Everything works the way I want to with pulling the data. I have come now to the point of security. How can I make this secure when my "WHERE" could have multiple filters…
0 votes, 1 answer

Why parameterized query doesn't work although the procedure works fine

I use the following method to calculate data: public static int PrepareData(int year, int month, int calcYear) { using (IfxConnection con = new IfxConnection(ConfigurationManager.ConnectionStrings["testable"].ToString())) …
Anyname Donotcare
0 votes, 2 answers

ASP.NET Database error

I am trying to follow a tutorial online and I have followed the steps exactly; however, I keep getting an error when trying to write to a database. Here is the code for a simple form @{ var name = string.Empty; var email = string.Empty; var subject =…
psycho
0 votes, 2 answers

PDO parameterized query not returning anything

I am converting old mysql_query code to PDO parameterized queries. Here's what I have so far. It doesn't seem to return anything. I have tried the same query in phpMyAdmin, and in the old code with the same input, and the query returns rows those…
yesman
0 votes, 1 answer

Is it possible to have multiple OUTPUT keywords in an SQL Parameterized Query?

I'm building a generic parameterized query (INSERT, or UPDATE) and I'm using parameters for the inserted columns (in the INSERT query) and parameters for the updated columns and the where clause columns (in the UPDATE query). In either case, I also…
user2320724
0 votes, 0 answers

SQL MAX Date: Getting Last Transaction between dates

I'd like to get the last transaction for a card number between given dates, with additional criteria. Select * from table WHERE date <= '6/30/2012' and Type = 'D' Data: CardNumber FirstName Date Type 1 John …
user697698
0 votes, 0 answers

ASP.NET: remove apostrophe from parameterized query

MySqlParameter[] sqlParams = new MySqlParameter[] { new MySqlParameter { ParameterName = "@ParameterValue", Value = someValue} }; The actual value of someValue is ('1', '2', '3', '4'), but when it goes through the parameterized query the value turns to…
Seehyung Lee
0 votes, 1 answer

Why doesn't my query update the table with my input parameters?

I don't know why the following query doesn't execute with my expected parameters!! cmdTxt.Append("UPDATE sd32depart SET currentcredit = currentcredit + ? WHERE year = ? AND main_code = ? "); paramList.Add("currentcredit",…
Anyname Donotcare
0 votes, 4 answers

PHP/MySQL: How to determine if a value already exists in the database

I have a form button that I need to do two different things, based on user input and whether that input already exists in my database. If the input DOES NOT exist, then the button will create a new record. If it DOES exist, then the existing record…
Chris
0 votes, 0 answers

Handling date in a query using specific regional settings

I am a bit rusty with MS Access ADO OleDb queries, so hopefully someone can help. I have a DateTime field in MS Access which stores both date and time. I would like to return all records that are in the provided date range, and I would like to group by…
Goran
0 votes, 3 answers

Having an issue with SQLite param queries not working as expected

So can someone tell me why the commented-out line works while the last two lines do not? I am returning a row from a SQLite database using Compact Framework C#. //String sqlcomm = "SELECT * FROM Asset WHERE " + assetColName + " = \'" +…
Tyler Buchanan
0 votes, 1 answer

Single SELECT with linked server makes multiple SELECT by ID

This is my issue. I defined a linked server, let's call it LINKSERV, which has a database called LINKDB. In my server (MYSERV) I've got the MYDB database. I want to perform the query below. SELECT * FROM LINKSERV.LINKDB.LINKSCHEMA.LINKTABLE …
ufo
0 votes, 1 answer

How can I pass multiple named parameters using ODBC to a DB2 database?

I have to query a DB2 database using an existing ODBC connection. Executing simple queries works as expected, but as soon as I try to execute a parameterized query it doesn't work: SELECT ColumnA, ColumnB FROM MyTable WHERE ColumnA =…
Gorgsenegger