SQL - Parameter (Bind | Substitution) (Marker | Variable)



A parameter is a placeholder in a prepared statement whose value is supplied at runtime (i.e. when the program is running).

It allows the same statement to be reused with different values. See SQL - Prepared Statement

A parameter can be:

  • positional (the values are given by order)
  • or named (the values are given by name)

Bind parameters cannot be used to define table, view or column names (the structure of the SQL statement must stay the same).

They are used in the predicate parts of the where clause.

Example with the question mark (?), the ANSI character used to mark a parameter:

select columnName
from tableName
where
   date_modified <= date(?,?,?,?) and
   foo = ?



SQL - ANSI (American National Standards Institute) SQL (Standard|Reference|Specification) - SQL (92|99|2003|2011)

select *
from items
where item = ?;

SQL Server

select *
from items
where item = @it;


select *
from items
where item = :it ;
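The positional and named forms above, and the rule that a table or column name cannot be bound, as an added example that is not part of the original page. It uses Python's sqlite3 module, which accepts both ? and :name markers; the items table, its rows and the sort-column allowlist are constructed for the illustration.

```python
import sqlite3

ALLOWED_SORT_COLUMNS = {"item", "price"}  # assumption: columns callers may sort by

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table items (item text, price integer)")
    conn.executemany("insert into items (item, price) values (?, ?)",
                     [("apple", 3), ("pear", 5), ("it's", 7)])
    return conn

def find_positional(conn, item):
    # Positional marker: the value is matched to the ? by order.
    sql = "select item, price from items where item = ?"
    return conn.execute(sql, (item,)).fetchall()

def find_named(conn, item):
    # Named marker: the value is matched to :it by name.
    sql = "select item, price from items where item = :it"
    return conn.execute(sql, {"it": item}).fetchall()

def table_marker_rejected(conn):
    # A marker in place of a table name changes the statement structure,
    # so the statement fails to prepare.
    try:
        conn.execute("select * from ?", ("items",))
    except sqlite3.OperationalError:
        return True
    return False

def list_sorted(conn, sort_column, max_price):
    # Identifiers cannot be bound: check them against a fixed allowlist,
    # and still bind the value in the where predicate.
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_column!r}")
    sql = f"select item from items where price <= ? order by {sort_column}"
    return [row[0] for row in conn.execute(sql, (max_price,))]

if __name__ == "__main__":
    db = make_db()
    print(find_positional(db, "apple"))
    print(find_named(db, "it's"))
    print(find_positional(db, "apple' or '1'='1"))
    print(table_marker_rejected(db))
    print(list_sorted(db, "price", 5))
```

A bound value that contains a quote, or text that looks like SQL, is compared as a plain string: it never changes the statement, so the third lookup returns no rows.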
