SQL placeholders

**DimPrawn** · 27 November 2006, 11:33

Now you are just being silly.

SQL has an ANSI std and that is not in it.

You can do it using proprietary extensions that allow dynamic SQL execution and other well know means.

Watch out for SQL injection flaws when using dynamic SQL.

**AtW** · 27 November 2006, 11:37

This functionality is not exposed to anything that can inject that kind of stuff, @param1 is integer anyway.

Seems like I will have to manually interpolate @param1 here and then prepare statement using placeholder in place of @param2 - SQLite shown to use a LOT of CPU preparing statements all the time because they used crappy slow .NET's regular expressions.

**DimPrawn** · 27 November 2006, 11:38

Which SQLite provider are you using? The Finisar one or the one for .NET 2.0?

**AtW** · 27 November 2006, 11:41

I am still on Finisar, but I believe placeholders wise it is fundamendal issue that they can't have the kind of stuff above - they want to compile statement fully, so table name should be known in advance, will have to change it the same way I do now for each query, but then prepare it (once table name is known during batch inserts) and use that prepared statement.

Also ?nnn placeholders don't seem to work in it

**DimPrawn** · 27 November 2006, 12:06

Originally posted by AtW

I am still on Finisar, but I believe placeholders wise it is fundamendal issue that they can't have the kind of stuff above - they want to compile statement fully, so table name should be known in advance, will have to change it the same way I do now for each query, but then prepare it (once table name is known during batch inserts) and use that prepared statement.

Also ?nnn placeholders don't seem to work in it

Haven't you just answered your own question of why?

**AtW** · 27 November 2006, 12:08

Originally posted by DimPrawn

Haven't you just answered your own question of why?

They could have made it more powerful while still providing benefits of parsing query only once, just leave table name resolves and stuff like that until the last moment.

**DimPrawn** · 27 November 2006, 12:09

They could have made Biztalk able to use xls files but they didn't.

NOW GET OVER IT!!!

**AtW** · 27 November 2006, 12:10

Ze swines.

**Joe Black** · 27 November 2006, 18:40

Originally posted by DimPrawn

They could have made Biztalk able to use xls files but they didn't.

Yes they did. XLS files are only a custom adaptor away.

SQL placeholders