SQL - Parameter (Bind | Substitution) (Marker | Variable)


About

A parameter is a placeholder in a prepared statement whose value is supplied at runtime (i.e. when the program is running).

It lets the same statement be reused with different values. See SQL - Prepared Statement

A parameter can be:

  • positional (the values are given by order)
  • or named (the values are given by name)

Bind parameters cannot be used for table, view or column names: the structure of the SQL statement must stay the same, only the values change.

They are used in the predicates of the where clause.

Example with the question mark (?), the ANSI character used to mark a parameter:

select columnName
from tableName
where 
   date_modified <= date(?,?,?,?) and
   foo = ?
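
The behaviour described above, as an added example that is not part of the original page: it uses Python's sqlite3 module with an in-memory SQLite database, and the items table, its rows and the function names are constructed for illustration. It shows positional and named markers, input with quote characters bound as plain data, and what happens when a marker is placed where a table or column name is expected.

```python
import sqlite3

# Assumption: columns a caller may sort by. Identifiers cannot be bound,
# so they are validated against this allow-list instead.
ALLOWED_SORT_COLUMNS = {"item", "price"}

def make_db():
    # Constructed sample data for the example.
    con = sqlite3.connect(":memory:")
    con.execute("create table items (item text, price integer)")
    con.executemany("insert into items values (?, ?)",
                    [("apple", 3), ("pear", 5), ("plum", 2)])
    return con

def find_positional(con, item):
    # Positional marker: values are matched to markers by order.
    sql = "select item, price from items where item = ?"
    return con.execute(sql, (item,)).fetchall()

def find_named(con, item, max_price):
    # Named markers: values are matched to markers by name.
    sql = "select item, price from items where item = :it and price <= :max_price"
    return con.execute(sql, {"it": item, "max_price": max_price}).fetchall()

def bind_table_name(con, table):
    # A marker in a structural position fails when the statement is prepared.
    try:
        con.execute("select * from ?", (table,))
        return "accepted"
    except sqlite3.OperationalError:
        return "rejected"

def bind_column_name(con, column):
    # A marker in the select list is a value: each row yields the bound
    # string itself, not the content of the column with that name.
    return con.execute("select ? from items", (column,)).fetchall()

def sorted_items(con, column):
    # The identifier enters the statement text only after the allow-list check.
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unknown column: %r" % column)
    return con.execute(f"select item from items order by {column}").fetchall()
```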

Technology

Ansi

SQL - ANSI (American National Standards Institute) SQL (Standard|Reference|Specification) - SQL (92|99|2003|2011)

select *
from items
where item = ?;

SQL Server

select *
from items
where item = @it;

Oracle

select *
from items
where item = :it;
