• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

SQL placeholders

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    SQL placeholders

    Are way too limited!

    Why can't I do this (bold are bits used for placing params):

    select * from TableName_@param1 where Domain='@param2'


    #2
    Now you are just being silly.

    SQL has an ANSI std and that is not in it.

    You can do it using proprietary extensions that allow dynamic SQL execution and other well know means.

    Watch out for SQL injection flaws when using dynamic SQL.

    Comment


      #3
      This functionality is not exposed to anything that can inject that kind of stuff, @param1 is integer anyway.

      Seems like I will have to manually interpolate @param1 here and then prepare statement using placeholder in place of @param2 - SQLite shown to use a LOT of CPU preparing statements all the time because they used crappy slow .NET's regular expressions.

      Comment


        #4
        Which SQLite provider are you using? The Finisar one or the one for .NET 2.0?

        Comment


          #5
          I am still on Finisar, but I believe placeholders wise it is fundamendal issue that they can't have the kind of stuff above - they want to compile statement fully, so table name should be known in advance, will have to change it the same way I do now for each query, but then prepare it (once table name is known during batch inserts) and use that prepared statement.

          Also ?nnn placeholders don't seem to work in it

          Comment


            #6
            Originally posted by AtW
            I am still on Finisar, but I believe placeholders wise it is fundamendal issue that they can't have the kind of stuff above - they want to compile statement fully, so table name should be known in advance, will have to change it the same way I do now for each query, but then prepare it (once table name is known during batch inserts) and use that prepared statement.

            Also ?nnn placeholders don't seem to work in it
            Haven't you just answered your own question of why?

            Comment


              #7
              Originally posted by DimPrawn
              Haven't you just answered your own question of why?
              They could have made it more powerful while still providing benefits of parsing query only once, just leave table name resolves and stuff like that until the last moment.

              Comment


                #8
                They could have made Biztalk able to use xls files but they didn't.

                NOW GET OVER IT!!!

                Comment


                  #9
                  Ze swines.

                  Comment


                    #10
                    Originally posted by DimPrawn
                    They could have made Biztalk able to use xls files but they didn't.
                    Yes they did. XLS files are only a custom adaptor away.

                    Comment

                    Working...
                    X