
Provide a mechanism for parameterized SQL queries

ODBC libraries typically provide the ability to create parameterized queries that pass the query and parameters to the database separately.  This basically eliminates the risk of SQL injection attacks, but is also very convenient from a programming standpoint.  Because JMP has ODBC queries, it should also have parameterized queries so that you can do:

 

Execute SQL(database, 
    "Select * from Employees where Name like ? and Status=?",
    "BobList", 
    {"Bob", "Active"}
);

pyodbc's parameterized queries:

https://github.com/mkleehammer/pyodbc/wiki/Getting-started#parameters

 

The .NET ecosystem's parameterized queries:

https://docs.microsoft.com/en-us/dotnet/api/system.data.odbc.odbccommand.parameters?redirectedfrom=M...
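To make the difference concrete, here is an added example (not part of the original post and not JMP code) that runs the post's Employees query both ways. It assumes Python's built-in sqlite3 module as a stand-in for an ODBC connection, since it accepts the same `?` markers as pyodbc; the table rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows (not from the post).
ROWS = [("Bob Smith", "Active"), ("Bob Jones", "Inactive"),
        ("Alice Wu", "Active"), ("Pat O'Brien", "Active")]

def make_db():
    """Build an in-memory Employees table from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Employees (Name TEXT, Status TEXT)")
    conn.executemany("INSERT INTO Employees VALUES (?, ?)", ROWS)
    return conn

def find_concat(conn, name, status):
    """'Before': values are spliced into the SQL text, so the database parses them as SQL."""
    sql = ("SELECT Name FROM Employees WHERE Name LIKE '" + name +
           "' AND Status='" + status + "' ORDER BY Name")
    return [r[0] for r in conn.execute(sql)]

def find_param(conn, name, status):
    """'After': statement and values are passed separately and bound to the ? markers."""
    sql = "SELECT Name FROM Employees WHERE Name LIKE ? AND Status=? ORDER BY Name"
    return [r[0] for r in conn.execute(sql, (name, status))]

def concat_error(conn, name, status):
    """Return the exception type raised by the concatenated query, or None."""
    try:
        find_concat(conn, name, status)
    except sqlite3.Error as exc:
        return type(exc).__name__
    return None

if __name__ == "__main__":
    db = make_db()
    crafted = "Active' OR '1'='1"   # constructed input containing a quote
    # Concatenated: the quote ends the literal and the filter is bypassed.
    print("concat:", find_concat(db, "Bob%", crafted))
    # Parameterized: the whole string is compared as data, so nothing matches.
    print("param: ", find_param(db, "Bob%", crafted))
    # Convenience: a legitimate apostrophe breaks the concatenated query only.
    print("concat O'Brien:", concat_error(db, "%O'Brien", "Active"))
    print("param  O'Brien:", find_param(db, "%O'Brien", "Active"))
```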