parameterized-query

问题 I am currently learning parametrized queries as there are advantages to using them. Could someone give some pointers by converting this block of code to a parametrized version? Thanks. if(isset($_GET['news_art_id']) && (!empty($_GET['news_art_id']))) { $news_art_id = htmlentities(strip_tags($_GET['news_art_id'])); $news_art_id = validate_intval($news_art_id); //echo $news_art_id; $_SESSION['news_art_id'] = $news_art_id; // Assign value to status. $onstatus = 1; settype($onstatus, 'integer');

问题 I have a problem with dropping sqlite3 table in python. I am using standard sqlite3 module. self.conn = sqlite3.connect(...) sql = """ drop table ? """ self.conn.execute( sql, (u'table_name',) ) gives me OperationalError: near "?": syntax error When I change sql to: sql = """ drop table table_name """ it works fine. 回答1: You cannot use parameters for table names nor column names. Alternatively you could make it a two-step process, e.g.: sql = """ drop table %s """ % a_table_name self.conn

问题 I am trying to pass in a null value to a TSQLDataset parameter. The query has the form: Query_text:='MERGE INTO [Table] USING (VALUES (:A,:B)) AS Source (Source_A, Source_B) .... WHEN MATCHED THEN UPDATE SET A = :A WHEN NOT MATCHED THEN INSERT(A, B) VALUES (:A,:B); SQL_dataset.CommandType:=ctQuery; SQL_dataset.CommandText:=Query_text; SQL_dataset.ParamByName('A').AsString:='A'; SQL_dataset.ParamByName('B').AsString:={ COULD BE NULL, OR A STRING }; SQL_dataset.ExecSQL; Parameter B is nullable,

问题 I have a parameterised named Query like this : Query moveOutQuery = session.createSQLQuery(moveOutQueryStr.toString()) .addEntity(MyClass.class) .setParameter("assignmentStatus", Constants.CHECKED_OUT) I want to see the actual SQL query with parameters filled in. However while debugging I only get the following query: Select * from my_assignment WHERE assignment_status in ( :assignmentStatus ) Why isn't the assignmentStatus being substituted for its real value? 回答1: You may log each SQL to

问题 I am trying to use a simple MySQL insert query with the parameters in array form. It keeps telling me the number of parameters are wrong. I have tried the following, all producing the same error: $stmt3 = $link->prepare('INSERT INTO messages VALUES(null, :room, :name, :message, :time, :color)'); $stmt3->execute(array(':room' => $Clean['room'],':name' => $Clean['name'],':message' => $Clean['message'],':time' => $time,':color:' => $Clean['color'])); and $stmt3 = $link->prepare('INSERT INTO

问题 I've been trying to figure out why the following code is not generating any data in my ResultSet: String sql = "SELECT STUDENT FROM SCHOOL WHERE SCHOOL = ? "; PreparedStatement prepStmt = conn.prepareStatement(sql); prepStmt.setString(1, "Waterloo"); ResultSet rs = prepStmt.executeQuery(); On the other hand, the following runs properly: String sql = "SELECT STUDENT FROM SCHOOL WHERE SCHOOL = 'Waterloo' "; PreparedStatement prepStmt = conn.prepareStatement(sql); ResultSet rs = prepStmt

问题 I'm trying to insert a database record inside a loop in C#. It works when I hard code the values like this: string query3 = "INSERT INTO furniture (room_id,member_id) VALUES (222,333);"; SqlCommand cmd3 = new SqlCommand(query3, sqlConnection3); sqlConnection3.Open(); for (int i = 0; i < arrItemsPlanner.Length; i++) { try { cmd3.ExecuteNonQuery(); } catch { return "Error: Item could not be saved"; } finally { //Fail } } But when I use parameterised queries it doesn't work - even if I hard code

问题 PLEASE READ THE QUESTION CAREFULLY. It is not usual silly "my code doesn't work!!!" question. When I run this code with intended error try { $sth = $dbh->prepare("SELECT id FROM users WHERE name INN(?,?) "); $sth->execute(array("I'm","d'Artagnan")); } catch (PDOException $e) { echo $e->getMessage(); } I get this error message You have an error in your SQL syntax ... near 'INN('I\'m','d\'Artagnan')' at line 1 But I thought for years that query and data being sent to the server separately and

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 6 years ago . Could anyone give me examples of how to use parameterized queries with MySQL/PHP please? 回答1: A parameterized query is essentially a query which abstracts away all the input. This has several good side effects, like making all input harmless (ie. no harmful injections are possible) and making it faster when used

问题 I am trying to develop a spreadsheet that can locate corresponding records in an external data source. So, let's say I have Column A with a list of identity values. I want to develop Column B, which perhaps shows a count of rows in the table with that value. Something like: A B 758348 "=SELECT COUNT(*) FROM MYTABLE WHERE IDVALUE=$A$1" 173483 "=SELECT COUNT(*) FROM MYTABLE WHERE IDVALUE=$A$2" ... and so on. So, I thought I would use a parameterized query (where IDVALUE=?), but that prompts me