Parameterized Statements
The following code example shows how to bind parameters to create parameterized statements.
Binding Parameters
Use the SQLBindParameter function to bind the specified parameter position to the specified variable. Note that the parameter order starts at 1.
Example
The following example executes a parameterized SELECT and iterates over the results. You can use SQLExecDirect to execute any parameterized statement.
SQLHENV henv; SQLHDBC hdbc; SQLHSTMT hstmt; char sName[30] = {0}; SQLLEN cbsName = 0; char param[30] = {0}; strcpy(param, "CustomerId"); SQLLEN cbParam = SQL_NTS; if (SQLAllocHandle(SQL_HANDLE_ENV, 0 ,&henv) == SQL_SUCCESS) { SQLSetEnvAttr(henv, SQL_ATTR_ODBC_VERSION, (void*)SQL_OV_ODBC3, 0); if (SQLAllocHandle(SQL_HANDLE_DBC, henv ,&hdbc) == SQL_SUCCESS) { if (SQLConnect(hdbc, "CData GoogleSpanner Source", SQL_NTS, 0, 0, 0, 0) == SQL_SUCCESS) { if (SQLAllocHandle(SQL_HANDLE_STMT, hdbc ,&hstmt) == SQL_SUCCESS) { SQLBindParameter(hstmt, 1, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, 100, 0, (SQLPOINTER)param, 30, &cbParam); if (SQLExecDirect(hstmt, "SELECT Name FROM [CData].[GoogleSpanner].Customer WHERE CustomerId = ?", SQL_NTS) == SQL_SUCCESS) { while(SQLFetch(hstmt) == SQL_SUCCESS) { if (SQLGetData(hstmt, 1, SQL_C_CHAR, (SQLPOINTER)sName, 255, &cbsName) == SQL_SUCCESS) { printf("Name: %s\n", sName); } } } SQLFreeHandle(SQL_HANDLE_STMT, hstmt); } SQLDisconnect(hdbc); } SQLFreeHandle(SQL_HANDLE_DBC, hdbc); } SQLFreeHandle(SQL_HANDLE_ENV, henv); }