Placeholders and Bind Values
Some drivers support placeholders and bind values. *Placeholders*, also
called parameter markers, are used to indicate values in a database
statement that will be supplied later, before the prepared statement is
executed. For example, an application might use the following to insert
a row of data into the SALES table:
INSERT INTO sales (product_code, qty, price) VALUES (?, ?, ?)
or the following, to select the description for a product:
SELECT description FROM products WHERE product_code = ?
The "?" characters are the placeholders. The association of actual
values with placeholders is known as *binding*, and the values are
referred to as *bind values*.
Note that the "?" is not enclosed in quotation marks, even when the
placeholder represents a string. Some drivers also allow placeholders
like ":*name*" and ":*n*" (e.g., ":1", ":2", and so on) in addition to
"?", but their use is not portable.
With most drivers, placeholders can't be used for any element of a
statement that would prevent the database server from validating the
statement and creating a query execution plan for it. For example:
"SELECT name, age FROM ?" # wrong (will probably fail)
"SELECT name, ? FROM people" # wrong (but may not 'fail')
Also, placeholders can only represent single scalar values. For example,
the following statement won't work as expected for more than one value:
"SELECT name, age FROM people WHERE name IN (?)" # wrong
"SELECT name, age FROM people WHERE name IN (?,?)" # two names
When using placeholders with the SQL "LIKE" qualifier, you must remember
that the placeholder substitutes for the whole string. So you should use
"... LIKE ? ..." and include any wildcard characters in the value that
you bind to the placeholder.
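The rules above (one scalar per placeholder, no placeholders for identifiers, wildcards in the bound value rather than in the SQL text) are shown below in an added example that is not part of the original text. It uses Python's built-in sqlite3 module because it uses the same "?" parameter markers and the same binding semantics as the drivers described above; the table, rows and product codes are constructed for the example. The `description_for` check also shows the security property that makes binding worth the trouble: because the driver sends the value separately from the statement, a bind value that happens to contain quotes or SQL keywords is compared literally and never re-parsed as part of the query.

```python
import sqlite3

# Constructed sample data for the example (not from the original page).
PRODUCTS = [
    ("P100", "Widget, blue"),
    ("P200", "Widget, red"),
    ("G300", "Gadget"),
]


def make_db():
    """Build an in-memory database; executemany binds one row per tuple."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (product_code TEXT, description TEXT)")
    conn.executemany(
        "INSERT INTO products (product_code, description) VALUES (?, ?)",
        PRODUCTS,
    )
    return conn


def description_for(conn, code):
    """One scalar bound to one placeholder.

    The driver passes the value out of band, so something like
    "P100' OR '1'='1" is matched as that literal string and finds nothing.
    """
    row = conn.execute(
        "SELECT description FROM products WHERE product_code = ?", (code,)
    ).fetchone()
    return row[0] if row else None


def descriptions_in(conn, codes):
    """IN with a list: a placeholder is a single scalar, so IN (?) would
    match at most one value. Generate exactly one "?" per element and
    bind the list; only the marker count is built into the SQL text,
    never the values themselves."""
    if not codes:
        return []
    marks = ",".join("?" for _ in codes)
    sql = (
        "SELECT product_code, description FROM products "
        f"WHERE product_code IN ({marks}) ORDER BY product_code"
    )
    return conn.execute(sql, list(codes)).fetchall()


def codes_starting_with(conn, prefix):
    """LIKE: the placeholder replaces the whole pattern, so the wildcard
    goes into the bound value ("P%"), not into the SQL ('?%' is wrong)."""
    pattern = prefix + "%"
    rows = conn.execute(
        "SELECT product_code FROM products WHERE product_code LIKE ? "
        "ORDER BY product_code",
        (pattern,),
    ).fetchall()
    return [r[0] for r in rows]


def placeholder_for_table_fails(conn):
    """Placeholders cannot stand for a table name: the server needs the
    identifier to validate and plan the statement, so preparing
    "SELECT ... FROM ?" raises an error. Returns True when it does."""
    try:
        conn.execute("SELECT description FROM ?", ("products",))
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(description_for(db, "P100"))
    print(description_for(db, "P100' OR '1'='1"))
    print(descriptions_in(db, ["P100", "G300"]))
    print(codes_starting_with(db, "P"))
    print(placeholder_for_table_fails(db))
```

The IN case is the one most often got wrong: the only part of the statement assembled from the input is the number of markers, and every value still travels as a bind value. Note that LIKE wildcards supplied by a user ("%" and "_") are themselves pattern characters; if the prefix must be matched literally they need escaping with an ESCAPE clause, which this example does not do.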
-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.