Parameterized Statements
The following code example shows how to bind parameters to create parameterized statements.
Binding Parameters
Use the SQLBindParameter function to bind the specified parameter position to the specified variable. Note that the parameter order starts at 1.
Example
The following example executes a parameterized SELECT and iterates over the results. You can use SQLExecDirect to execute any parameterized statement.
SQLHENV henv; SQLHDBC hdbc; SQLHSTMT hstmt; char sId[30] = {0}; SQLLEN cbsId = 0; char param[30] = {0}; strcpy(param, "00190000007ABC"); SQLLEN cbParam = SQL_NTS; if (SQLAllocHandle(SQL_HANDLE_ENV, 0 ,&henv) == SQL_SUCCESS) { SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION, (void*)SQL_OV_ODBC3, 0); if (SQLAllocHandle(SQL_HANDLE_DBC, henv ,&hdbc) == SQL_SUCCESS) { if (SQLConnect(hdbc, "CData FHIR Source", SQL_NTS, 0, 0, 0, 0) == SQL_SUCCESS) { if (SQLAllocHandle(SQL_HANDLE_STMT, hdbc ,&hstmt) == SQL_SUCCESS) { SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, 100, 0, (SQLPOINTER)param, 30, &cbParam); if (SQLExecDirect(hstmt, "SELECT Id FROM Patient WHERE [name-use] = ?", SQL_NTS) == SQL_SUCCESS) { while(SQLFetch(hstmt) == SQL_SUCCESS) { if (SQLGetData(hstmt, 1, SQL_C_CHAR, (SQLPOINTER)sId, 255, &cbsId) == SQL_SUCCESS) { printf("Id: %s\n", sId); } } } SQLFreeHandle(SQL_HANDLE_STMT, hstmt); } SQLDisconnect(hdbc); } SQLFreeHandle(SQL_HANDLE_DBC, hdbc); } SQLFreeHandle(SQL_HANDLE_ENV, henv); }