Specifying Parameters in SQL Statement Strings
Go Up to Writing an API Application to Process SQL Statements
SQL statement strings often include value parameters, expressions that evaluate to a single numeric or character value. Parameters can be used anywhere in statement strings where SQL expects a value that is not the name of a database object.
A value parameter in a statement string can be passed as a constant, or passed as a placeholder at runtime. For example, the following statement string passes 256 as a constant:
char *str = "DELETE FROM CUSTOMER WHERE CUST_NO = 256";
It is also possible to build strings at runtime from a combination of constants. This method is useful for statements where the variable is not a true constant, or it is a table or column name, and where the statement is executed only once in the application.
To pass a parameter as a placeholder, the value is passed as a question mark (?) embedded within the statement string:
char *str = "DELETE FROM CUSTOMER WHERE CUST_NO = ?";
When a DSQL function processes a statement containing a placeholder, it replaces the question mark with a value supplied in an extended SQL descriptor area (XSQLDA) previously declared and populated in the application. Use placeholders in statements that are prepared once, but executed many times with different parameter values.
Replaceable value parameters are often used to supply values in SQL SELECT statement WHERE clause comparisons and in the UPDATE statement SET clause.