Database.Prepare

From Xojo Documentation
Jump to: navigation, search
Method

Database.Prepare(statement as String) As PreparedSQLStatement

Creates a PreparedSQLStatement using the SQL statement for use with the various database prepared statement classes. A prepared statement is an SQL statement with parameters that has been pre-processed by the database so that it can be executed more quickly if it is re-used with different parameters. Prepared statements also mitigate the risk of SQL injection in web apps.

Notes

To create a prepared statement, you assign the value of Prepare to appropriate class for the database you are using.

Refer to the specific PreparedStatement class for the database you are using to learn how to specify and bind parameters:

If the provided SQL statement has an error, the Database.Error property does not get set to True until you call SQLSelect or SQLExecute.

SQL Injection is a way to attack database-driven applications.

Example

To create a prepared statement, you use the appropriate class for the database you are using. For example, do create a prepared statement for PostgreSQL:

// db is a previously connected PostgreSQLDatabase object

Dim ps As PostgreSQLPreparedStatement
ps = db.Prepare("SELECT * FROM Country WHERE code = $1")

See Also

MySQLPreparedStatement, OracleSQLPreparedStatement, PostgreSQLPreparedStatement, SQLitePreparedStatement, RealSQLPreparedStatement, ODBCPreparedStatement, MSSQLServerPreparedStatement, PreparedSQLStatement

Personal tools
Namespaces

Variants
Actions
Main
Content
Starting Out
Dig Deeper
More Help
Toolbox
About