Parameterized Statements
The following code example shows how to bind parameters to create parameterized statements.
Binding Parameters
Use the SQLBindParameter function to bind a variable to a parameter position in the statement. Parameter positions are numbered starting at 1.
Example
The following example executes a parameterized SELECT and iterates over the results. You can use SQLExecDirect to execute any parameterized statement.
/* On Windows, include <windows.h> before the ODBC headers. */
#include <stdio.h>
#include <string.h>
#include <sql.h>
#include <sqlext.h>

int main(void)
{
  SQLHENV henv;
  SQLHDBC hdbc;
  SQLHSTMT hstmt;
  char sInvoiceUniquifier[30] = {0};
  SQLLEN cbsInvoiceUniquifier = 0;
  char param[30] = {0};
  strcpy(param, "00190000007ABC");
  SQLLEN cbParam = SQL_NTS;  /* param is a null-terminated string */

  if (SQLAllocHandle(SQL_HANDLE_ENV, 0, &henv) == SQL_SUCCESS) {
    SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION, (void*)SQL_OV_ODBC3, 0);
    if (SQLAllocHandle(SQL_HANDLE_DBC, henv, &hdbc) == SQL_SUCCESS) {
      if (SQLConnect(hdbc, (SQLCHAR*)"CData Sage300 Source", SQL_NTS, 0, 0, 0, 0) == SQL_SUCCESS) {
        if (SQLAllocHandle(SQL_HANDLE_STMT, hdbc, &hstmt) == SQL_SUCCESS) {
          /* Bind param to marker position 1; the buffer length is the real size of param. */
          SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, 100, 0, (SQLPOINTER)param, sizeof(param), &cbParam);
          if (SQLExecDirect(hstmt, (SQLCHAR*)"SELECT InvoiceUniquifier FROM OEInvoices WHERE Allowpartialshipments = ?", SQL_NTS) == SQL_SUCCESS) {
            while (SQLFetch(hstmt) == SQL_SUCCESS) {
              /* Pass the real buffer size so the driver cannot write past the 30-byte array. */
              if (SQLGetData(hstmt, 1, SQL_C_CHAR, (SQLPOINTER)sInvoiceUniquifier, sizeof(sInvoiceUniquifier), &cbsInvoiceUniquifier) == SQL_SUCCESS) {
                printf("InvoiceUniquifier: %s\n", sInvoiceUniquifier);
              }
            }
          }
          SQLFreeHandle(SQL_HANDLE_STMT, hstmt);
        }
        SQLDisconnect(hdbc);
      }
      SQLFreeHandle(SQL_HANDLE_DBC, hdbc);
    }
    SQLFreeHandle(SQL_HANDLE_ENV, henv);
  }
  return 0;
}
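Because every ? marker needs a binding at its own position (1, 2, ...), it helps to check the marker count of a statement against the number of SQLBindParameter calls before executing it. The following is an added example, not code from the driver documentation; count_param_markers and bindings_match are hypothetical helpers, and they assume standard SQL quoting (doubled quotes as escapes, "--" line comments).

```c
#include <stdio.h>

/* Hypothetical helper (not part of ODBC or the driver): counts the '?'
 * parameter markers in sql, ignoring any '?' inside a single-quoted literal,
 * a double-quoted identifier, or a "--" line comment.
 * Returns -1 if a quoted section is never closed. */
int count_param_markers(const char *sql)
{
    int markers = 0;
    for (size_t i = 0; sql[i] != '\0'; i++) {
        char c = sql[i];
        if (c == '\'' || c == '"') {
            char quote = c;           /* skip to the matching quote */
            for (i++; ; i++) {
                if (sql[i] == '\0')
                    return -1;        /* unterminated literal */
                if (sql[i] == quote) {
                    if (sql[i + 1] == quote)
                        i++;          /* doubled quote is an escape */
                    else
                        break;        /* closing quote */
                }
            }
        } else if (c == '-' && sql[i + 1] == '-') {
            /* Line comment: skip to the end of the line. */
            while (sql[i + 1] != '\0' && sql[i + 1] != '\n')
                i++;
        } else if (c == '?') {
            markers++;
        }
    }
    return markers;
}

/* Returns 1 when positions 1..nbound cover every marker in sql, else 0.
 * Positions start at 1, so nbound is also the highest bound position. */
int bindings_match(const char *sql, int nbound)
{
    int n = count_param_markers(sql);
    return n >= 0 && n == nbound;
}

int main(void)
{
    /* Statement text taken from the example above; one parameter is bound. */
    const char *sql = "SELECT InvoiceUniquifier FROM OEInvoices WHERE Allowpartialshipments = ?";
    printf("markers=%d ok=%d\n", count_param_markers(sql), bindings_match(sql, 1));
    return 0;
}
```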