Excel Add-In for Oracle

Build 23.0.8839

Executing Parameterized Queries

Parameterized queries can be reused and mitigate SQL injection attacks. You can execute SELECT and other SQL data manipulation statements as parameterized queries. Parameterized queries take arrays as input.

Example: Searching Oracle OCI

The following example macro executes a parameterized search: When you run the macro, you are prompted to enter a search value.

Sub DoSelectParams()
  On Error GoTo Error
  pCountry = InputBox("Country:", "Get Country")
  If pCountry = False Then
    Exit Sub
  End If
  Dim module As New ExcelComModule
  module.SetProviderName ("OracleOci")
  Cursor = Application.Cursor
  Application.Cursor = xlWait
  Dim nameArray
  nameArray = Array("CountryParam")
  Dim valueArray
  valueArray = Array(pCountry)
  Query = "SELECT CompanyName, City FROM \"CData\".\"SYSTEM\".Customers WHERE Country = @CountryParam"
  module.SetConnectionString ("User=scott;Password=tiger;Server=127.0.0.1;Port=1521;")
  If module.Select(Query, nameArray, valueArray) Then
    Dim ColumnCount As Integer
    ColumnCount = module.GetColumnCount
    For Count = 0 To ColumnCount - 1
      Application.ActiveSheet.Cells(1, Count + 1).Value = module.GetColumnName(Count)
    Next

    Dim RowIndex As Integer
    RowIndex = 2
    While (Not module.EOF)
      For columnIndex = 0 To ColumnCount - 1
        If Conversion.CInt(module.GetColumnType(columnIndex)) = Conversion.CInt(vbDate) And Not IsNull(module.GetValue(columnIndex)) Then
          Application.ActiveSheet.Cells(RowIndex, columnIndex + 1).Value = Conversion.CDate(module.GetValue(columnIndex))
        Else
          Application.ActiveSheet.Cells(RowIndex, columnIndex + 1).Value = module.GetValue(columnIndex)
        End If
      Next
      module.MoveNext
      RowIndex = RowIndex + 1
    Wend
    MsgBox "The SELECT query was successful."
  Else
    MsgBox "The SELECT query failed."
  End If
  module.Close
  Application.Cursor = Cursor
  Exit Sub
Error:
    MsgBox "ERROR: " & Err.Description
    module.Close
    Application.Cursor = Cursor
  End Sub

Copyright (c) 2024 CData Software, Inc. - All rights reserved.
Build 23.0.8839