Parameterized Statements
The following code example shows how to bind parameters to create parameterized statements.
Binding Parameters
Use the SQLBindParameter function to bind the specified parameter position to the specified variable. Note that the parameter order starts at 1.
Example
The following example executes a parameterized SELECT and iterates over the results. You can use SQLExecDirect to execute any parameterized statement.
SQLHENV henv; SQLHDBC hdbc; SQLHSTMT hstmt; char sSiteId[30] = {0}; SQLLEN cbsSiteId = 0; char param[30] = {0}; strcpy(param, "00190000007ABC"); SQLLEN cbParam = SQL_NTS; if (SQLAllocHandle(SQL_HANDLE_ENV, 0 ,&henv) == SQL_SUCCESS) { SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION, (void*)SQL_OV_ODBC3, 0); if (SQLAllocHandle(SQL_HANDLE_DBC, henv ,&hdbc) == SQL_SUCCESS) { if (SQLConnect(hdbc, "CData OracleHCM Source", SQL_NTS, 0, 0, 0, 0) == SQL_SUCCESS) { if (SQLAllocHandle(SQL_HANDLE_STMT, hdbc ,&hstmt) == SQL_SUCCESS) { SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, 100, 0, (SQLPOINTER)param, 30, &cbParam); if (SQLExecDirect(hstmt, "SELECT SiteId FROM RecruitingCESites WHERE SiteName = ?", SQL_NTS) == SQL_SUCCESS) { while(SQLFetch(hstmt) == SQL_SUCCESS) { if (SQLGetData(hstmt, 1, SQL_C_CHAR, (SQLPOINTER)sSiteId, 255, &cbsSiteId) == SQL_SUCCESS) { printf("SiteId: %s\n", sSiteId); } } } SQLFreeHandle(SQL_HANDLE_STMT, hstmt); } SQLDisconnect(hdbc); } SQLFreeHandle(SQL_HANDLE_DBC, hdbc); } SQLFreeHandle(SQL_HANDLE_ENV, henv); }