How To : Using SQL Prepared Statements
Description
This document describes how to use prepared statements.
Prerequisites
Connecting to an SQL Database
Creating a Class to Contain Row Data from an SQL Table
Logging in to an SQL Database
Adding CRUD Operations to a Class
Procedure
The SQLConnection Runtime Type described in the Prerequisites documents contains a function named escapeQuery, which builds an SQL query from a prepared statement and a collection of arguments to that statement. As it builds the final query, escapeQuery also escapes each argument in the collection.
The following screen shot shows how to use a prepared statement, preparedStatement.
- Create an expression containing the text of your prepared statement using '?' (quotes required) to represent each argument that you will pass to the statement.
- Build a collection of strings, where each element in your collection is an argument, with the order of elements matching the order that the arguments will be passed to the prepared statement.
- Call SQLConnection's escapeQuery, passing the prepared statement, the argument collection and a string to contain the final query.
The following screen shot shows the buildArgCollection function used above. Notice that we converted due_date and done to strings before adding them to the collection.
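The three steps above and the buildArgCollection helper, modelled in Python as an added example (not the product's own code or the contents of the screenshots). The `todo` table, its `title` column, the quote-doubling escape rule and the SQLite target are assumptions; the built query is executed to confirm that each argument is stored as data, and is cross-checked against driver-side binding.

```python
import re
import sqlite3
from datetime import date

PLACEHOLDER = re.compile(r"'\?'")  # the quoted '?' marker from step 1

def escape_query(prepared_statement, args):
    """Escape each argument and substitute it for the next '?' marker, in order."""
    if any(not isinstance(a, str) for a in args):
        raise TypeError("convert every argument to a string first")
    if len(PLACEHOLDER.findall(prepared_statement)) != len(args):
        raise ValueError("number of '?' markers and arguments differ")
    remaining = iter(args)

    def substitute(_match):
        # Assumed escaping rule: SQL-standard doubling of single quotes.
        return "'" + next(remaining).replace("'", "''") + "'"

    # One pass over the template only, so a '?' inside an argument is never expanded.
    return PLACEHOLDER.sub(substitute, prepared_statement)

def build_arg_collection(title, due_date, done):
    # due_date and done are converted to strings, as the page notes.
    return [title, due_date.isoformat(), "1" if done else "0"]

def store_and_read_back(title, due_date, done):
    """Run the built query in an in-memory SQLite database and return what was stored."""
    statement = "INSERT INTO todo (title, due_date, done) VALUES ('?', '?', '?')"
    args = build_arg_collection(title, due_date, done)
    query = escape_query(statement, args)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE todo (title TEXT, due_date TEXT, done TEXT)")
    db.execute(query)
    # Cross-check: the same arguments bound by the driver instead of escaped.
    db.execute("INSERT INTO todo VALUES (?, ?, ?)", args)
    rows = db.execute("SELECT title, due_date, done FROM todo").fetchall()
    db.close()
    return query, rows

if __name__ == "__main__":
    # Constructed input: embedded quotes plus text that looks like a marker.
    query, rows = store_and_read_back("O'Brien's '?' notes", date(2024, 5, 1), False)
    print(query)
    print(rows)
```

Escaping rules differ between database engines, so the quote doubling used here is valid for SQLite and SQL-standard string literals only.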
Error Handling