Questions tagged [parameterized-query]

A pre-compiled and optimized SQL statement that can be executed multiple times by changing certain constant values during each execution. Often used to prevent SQL injection.

A parameterized query or prepared statement is a pre-compiled and optimized SQL statement that is in the form of a template where only certain constant values (parameters) can be changed. It can be executed multiple times by changing the parameters during each execution. A parameterized query looks like

SELECT itemName FROM Product WHERE manufactureDate BETWEEN ? AND ?

The ? are the parameters that subsituted with values provided during each execution. In the above examples they are the from date and to date.

The advantages of a parameterized query are

No compiling and optiming overhead for the subsequent executions of the statement
SQL Injection is not possible as they are sent to and parsed by the database server separately from any parameters

301 questions

votes

1 answer

parameterized query without preparing statement in PHP

Is there an API in MySQLi, PDO or in PHP that use parameterized query but not preparing it for recall later? I found it in ADO.NET when we dont call .Prepare() method of SQLParameter, but I didn't find this in PHP.

asked Apr 30 '11 at 09:41

ahoo

1,321
2
17
37

votes

2 answers

Is there a way to make Delphi's FireDAC recognize PostgreSQL positional parameters that FireDAC generated?

I am executing queries with named parameters from FireDAC to PostgreSQL 11 using the native FireDAC Postgres driver. During the prepare statement FireDAC converts the named parameters to positional parameters, which is correct. However, if I then…

postgresql delphi firedac delphi-10.3-rio parameterized-query

asked Jul 08 '19 at 16:13

Cary Jensen

3,751
3
32
55

votes

3 answers

Method Optimisation - C#

I've developed a method that allows me to pass in a table (string), array of columns (string) and array of values (object) through the parameters which I then use to create a parameterized query. Although it works fine the length of the code as well…

c# system.data.sqlite parameterized-query

asked Apr 01 '11 at 21:06

Jamie Keeling

9,806
17
65
102

votes

1 answer

NHibernate - How to log Named Parameterised Query with parameter values?

I have a parameterised named Query like this : Query moveOutQuery = session.createSQLQuery(moveOutQueryStr.toString()) .addEntity(MyClass.class) .setParameter("assignmentStatus", Constants.CHECKED_OUT) I want to see…

nhibernate named-query parameterized-query

asked Jan 14 '19 at 13:06

Zafar Nasim

votes

1 answer

parameterized query with where like clause

I am trying to perform parameterized query with where clause like I got no errors but I am not getting data but when I perform same query on sql server studio I got correct result what the wrong with it ? one last question in some case I would…

c# sql-server-2008-r2 .net-4.0 parameterized-query

asked Oct 05 '18 at 13:10

sam

2,493
6
38
73

votes

2 answers

Working on Google Bigquery. Not sure how to parameterize the below query or make it more clean

This is my query. In it, the objective is to obtain cohort retention. The results are perfect but I want to improve the quality of the code. Working on Google Bigquery. Not sure how to parameterize the below query or make it…

sql google-bigquery parameterized-query

asked Apr 19 '18 at 07:06

Maitrey

votes

1 answer

How to use SqlDataReader with a parametrized query in c#?

I'm looking at parameterized query questions I could not find an example of using SqlDataReader with a parameterized query to populate a drop down list. Right now I can populate my drop down just fine using my code here if (!this.IsPostBack) { …

c# sql-server sqldatareader parameterized-query

asked Oct 05 '17 at 03:11

nammrick

votes

1 answer

Achieve case insensitivity for cloudant queries

My query has the following selector, { "selector": { "_id": { "$gt": null }, "series": { "$regex": "(?i)mario" } } } Now, if I have a document with series = mario12, the above query is returning this document which…

cloudant case-insensitive parameterized-query

asked Jul 21 '17 at 03:25

swa

votes

2 answers

basics of parameterized query

I have used parameterized query number of times I know it helps in preventing SQL injection. But, I was wondering if I can know what is basic logic working inside a parameterized query to prevent SQL injection may be it is very simple but I don't…

asp.net sql parameterized-query

asked Dec 15 '10 at 05:01

user426306

votes

2 answers

Using Arithmetic in SQL on my own columns to fill a third column where it is zero. (complicated, only when certain criteria is met)

So here is my question. Brace yourself as it takes some thinking just to wrap your head around what I am trying to do. I'm working with Quarterly census employment and wage data. QCEW data has something called suppression codes. If a data…

sql-server if-statement math case parameterized-query

asked Mar 01 '17 at 13:32

J.Jack

votes

0 answers

Node-postgres parameterized queries with array parameter

I'm trying to execute this PSQL query to call a function and get a list of ids back. [This function works when run in PGAdmin as it should, verified by the ids coming back.] SELECT get_dataids( 'university', '2015-08-01', '2015-08-02', array…

javascript node.js postgresql parameterized-query node-postgres

asked Oct 20 '16 at 18:51

Kimberly

votes

1 answer

Parameterized Queries PHP insert

I'm trying to insert inputted data from a form into a MySQL database with php for a school project. If found a couple of examples, but can't get them to work. I did it without parameterized queries, and it worked fine. The code looked like…

php sql-injection sql-insert parameterized-query

asked May 22 '15 at 21:49

Anders

votes

1 answer

LINQ to SQL: ExecuteQuery not working when performing a parameterized query

I have a weird problem with ExecuteQuery in that it isn't working when performing a parameterized query. The following returns 1 record: db.ExecuteQuery(@"SELECT * FROM Member INNER JOIN…

linq-to-sql parameterized-query

asked May 27 '10 at 04:44

ajbeaven

9,265
13
76
121

votes

2 answers

Missing Required Parameter in Parameterized Query?

I am getting the following error trying to execute the code below No Value Given For One Or More Required Parameters. string paraName = "CONTROL"; string fullPathToExcel = @"C:\Users\xbbjn2h\Desktop\Mapping.xlsx"; string connString =…

c# oledb parameterized-query

asked Jan 18 '15 at 14:14

James Pilkington

votes

1 answer

Dynamically Bind Parameter PHP

This is my first foray into the world of stack overflow, I'm new to programming and could desperately use some assistance. I'm attempting to dynamically parameterize a mysqli DB query but keep getting an error saying "Wrong parameter count for…

php parameterized-query

asked Sep 09 '14 at 14:52

V.C.4

Prev 1 2 3

…

20 21 Next