Parameterized SQL statement: Difference between revisions

Content added Content deleted
m (Use type inference. Wrap managed objects SqlConnection and SqlCommand in using statements to ensure they are closed on exiting method scope as per Microsoft docs https://docs.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlconnection)
m (syntax highlighting fixup automation)
Line 2: Line 2:


Using a SQL update statement like this one (spacing is optional):
Using a SQL update statement like this one (spacing is optional):
<lang sql>UPDATE players
<syntaxhighlight lang="sql">UPDATE players
SET name = 'Smith, Steve', score = 42, active = true
SET name = 'Smith, Steve', score = 42, active = true
WHERE jerseyNum = 99</lang>show how to make a parameterized SQL statement, set the parameters to the values given above, and execute the statement.
WHERE jerseyNum = 99</syntaxhighlight>show how to make a parameterized SQL statement, set the parameters to the values given above, and execute the statement.


<blockquote cite="http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/">Non-parameterized SQL is the GoTo statement of database programming. Don't do it, and make sure your coworkers don't either.</blockquote>
<blockquote cite="http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/">Non-parameterized SQL is the GoTo statement of database programming. Don't do it, and make sure your coworkers don't either.</blockquote>


=={{header|8th}}==
=={{header|8th}}==
<lang forth>\ assuming the var 'db' contains an opened database with a schema matching the problem:
<syntaxhighlight lang="forth">\ assuming the var 'db' contains an opened database with a schema matching the problem:
db @
db @
"UPDATE players SET name=?1,score=?2,active=?3 WHERE jerseyNum=?4"
"UPDATE players SET name=?1,score=?2,active=?3 WHERE jerseyNum=?4"
Line 21: Line 21:


\ execute the query
\ execute the query
db @ swap db:exec</lang>
db @ swap db:exec</syntaxhighlight>


=={{header|Ada}}==
=={{header|Ada}}==
<lang Ada>-- Version for sqlite
<syntaxhighlight lang="ada">-- Version for sqlite
with GNATCOLL.SQL_Impl; use GNATCOLL.SQL_Impl;
with GNATCOLL.SQL_Impl; use GNATCOLL.SQL_Impl;
with GNATCOLL.SQL.Exec; use GNATCOLL.SQL.Exec;
with GNATCOLL.SQL.Exec; use GNATCOLL.SQL.Exec;
Line 61: Line 61:
Free (Conn);
Free (Conn);
Free (DB_Descr);
Free (DB_Descr);
end Prepared_Query;</lang>
end Prepared_Query;</syntaxhighlight>


=={{header|Arturo}}==
=={{header|Arturo}}==


<lang rebol>; Helper functions
<syntaxhighlight lang="rebol">; Helper functions


createTable: function [][
createTable: function [][
Line 103: Line 103:
print ["getting user with name: JohnDoe =>" findUser "JohnDoe"]
print ["getting user with name: JohnDoe =>" findUser "JohnDoe"]


close db</lang>
close db</syntaxhighlight>


{{out}}
{{out}}
Line 119: Line 119:


Tested with gcc version 4.9.2 (Raspbian 4.9.2-10) and SQLite 3.8.7.1
Tested with gcc version 4.9.2 (Raspbian 4.9.2-10) and SQLite 3.8.7.1
<lang c>#include <stdio.h>
<syntaxhighlight lang="c">#include <stdio.h>
#include <stdlib.h>
#include <stdlib.h>
#include <sqlite3.h>
#include <sqlite3.h>
Line 232: Line 232:
}
}
printf("\n");
printf("\n");
}</lang>
}</syntaxhighlight>


{{out}}
{{out}}
Line 249: Line 249:


=={{header|C sharp|C#}}==
=={{header|C sharp|C#}}==
<lang csharp>using System.Data.Sql;
<syntaxhighlight lang="csharp">using System.Data.Sql;
using System.Data.SqlClient;
using System.Data.SqlClient;


Line 271: Line 271:
}
}
}
}
}</lang>
}</syntaxhighlight>


=={{header|C++}}==
=={{header|C++}}==
{{libheader|Qt}}
{{libheader|Qt}}
This example uses the Qt SQL module to access an ODBC data source.
This example uses the Qt SQL module to access an ODBC data source.
<lang cpp>#include <QtSql>
<syntaxhighlight lang="cpp">#include <QtSql>
#include <iostream>
#include <iostream>


Line 308: Line 308:
}
}
return 0;
return 0;
}</lang>
}</syntaxhighlight>


=={{header|Clojure}}==
=={{header|Clojure}}==
<lang clojure>(require '[clojure.java.jdbc :as sql])
<syntaxhighlight lang="clojure">(require '[clojure.java.jdbc :as sql])
; Using h2database for this simple example.
; Using h2database for this simple example.
(def db {:classname "org.h2.Driver"
(def db {:classname "org.h2.Driver"
Line 320: Line 320:


; As an alternative to update!, use execute!
; As an alternative to update!, use execute!
(sql/execute! db ["UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?" "Smith, Steve" 42 true 99])</lang>
(sql/execute! db ["UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?" "Smith, Steve" 42 true 99])</syntaxhighlight>


=={{header|F_Sharp|F#}}==
=={{header|F_Sharp|F#}}==
{{trans|C#}}
{{trans|C#}}
<lang fsharp>open System.Data.SqlClient
<syntaxhighlight lang="fsharp">open System.Data.SqlClient
[<EntryPoint>]
[<EntryPoint>]
Line 340: Line 340:
tCommand.ExecuteNonQuery() |> ignore
tCommand.ExecuteNonQuery() |> ignore
0</lang>
0</syntaxhighlight>


=={{header|Go}}==
=={{header|Go}}==
<lang go>package main
<syntaxhighlight lang="go">package main


import (
import (
Line 375: Line 375:
}
}
rows.Close()
rows.Close()
}</lang>
}</syntaxhighlight>
{{out}}
{{out}}
<pre>
<pre>
Line 386: Line 386:
Example uses the [http://hackage.haskell.org/package/HDBC <tt>HDBC</tt>] package:
Example uses the [http://hackage.haskell.org/package/HDBC <tt>HDBC</tt>] package:


<lang haskell>module Main (main) where
<syntaxhighlight lang="haskell">module Main (main) where


import Database.HDBC (IConnection, commit, run, toSql)
import Database.HDBC (IConnection, commit, run, toSql)
Line 405: Line 405:


main :: IO ()
main :: IO ()
main = undefined</lang>
main = undefined</syntaxhighlight>


You'll need an instance of a type with an instance for the <tt>IConnection</tt> type class in order to use this function, such as [http://hackage.haskell.org/package/HDBC-postgresql-2.3.2.5/docs/Database-HDBC-PostgreSQL.html#t:Connection <tt>Connection</tt>] from [http://hackage.haskell.org/package/HDBC-postgresql <tt>HDBC-postgresql</tt>].
You'll need an instance of a type with an instance for the <tt>IConnection</tt> type class in order to use this function, such as [http://hackage.haskell.org/package/HDBC-postgresql-2.3.2.5/docs/Database-HDBC-PostgreSQL.html#t:Connection <tt>Connection</tt>] from [http://hackage.haskell.org/package/HDBC-postgresql <tt>HDBC-postgresql</tt>].


=={{header|Huginn}}==
=={{header|Huginn}}==
<lang huginn>import Database as db;
<syntaxhighlight lang="huginn">import Database as db;
import Algorithms as algo;
import Algorithms as algo;
import FileSystem as fs;
import FileSystem as fs;
Line 450: Line 450:
}
}
return ( 0 );
return ( 0 );
}</lang>
}</syntaxhighlight>


=={{header|Java}}==
=={{header|Java}}==
<lang java>
<syntaxhighlight lang="java">
import java.sql.DriverManager;
import java.sql.DriverManager;
import java.sql.Connection;
import java.sql.Connection;
Line 489: Line 489:
}
}
}
}
</syntaxhighlight>
</lang>


=={{header|Julia}}==
=={{header|Julia}}==
Line 495: Line 495:


Uses the SQLite package.
Uses the SQLite package.
<lang julia>using SQLite
<syntaxhighlight lang="julia">using SQLite


name = "Smith, Steve"
name = "Smith, Steve"
Line 513: Line 513:


tbl = SQLite.query(db, "SELECT * from players")
tbl = SQLite.query(db, "SELECT * from players")
println(tbl)</lang>
println(tbl)</syntaxhighlight>




Line 524: Line 524:


=={{header|Kotlin}}==
=={{header|Kotlin}}==
<lang scala>// Version 1.2.41
<syntaxhighlight lang="scala">// Version 1.2.41


import java.sql.DriverManager
import java.sql.DriverManager
Line 547: Line 547:
}
}
conn.close()
conn.close()
}</lang>
}</syntaxhighlight>


=={{header|M2000 Interpreter}}==
=={{header|M2000 Interpreter}}==
<syntaxhighlight lang="m2000 interpreter">
<lang M2000 Interpreter>
Module Parametrized_Sql {
Module Parametrized_Sql {
Base "rosetta" ' warning erase database if found it in current directory
Base "rosetta" ' warning erase database if found it in current directory
Line 567: Line 567:
}
}
Parametrized_Sql
Parametrized_Sql
</syntaxhighlight>
</lang>


=={{header|Mathematica}}/{{header|Wolfram Language}}==
=={{header|Mathematica}}/{{header|Wolfram Language}}==
<lang Mathematica>Needs["DatabaseLink`"];
<syntaxhighlight lang="mathematica">Needs["DatabaseLink`"];
conn=OpenSQLConnection[JDBC["ODBC(DSN)","testdb"],"Username"->"John","Password"->"JohnsPassword"];
conn=OpenSQLConnection[JDBC["ODBC(DSN)","testdb"],"Username"->"John","Password"->"JohnsPassword"];
SQLExecute[conn,"UPDATE players SET name = `1`, score = `2`, active = `3` WHERE jerseyNum = `4`", {SQLArgument["Smith, Steve",42,True,99]}]
SQLExecute[conn,"UPDATE players SET name = `1`, score = `2`, active = `3` WHERE jerseyNum = `4`", {SQLArgument["Smith, Steve",42,True,99]}]
CloseSQLConnection[conn];</lang>
CloseSQLConnection[conn];</syntaxhighlight>


=={{header|NetRexx}}==
=={{header|NetRexx}}==
Using an [http://db.apache.org/derby/ Apache Derby] embedded database:
Using an [http://db.apache.org/derby/ Apache Derby] embedded database:
<lang NetRexx>/* NetRexx */
<syntaxhighlight lang="netrexx">/* NetRexx */
options replace format comments java crossref symbols nobinary
options replace format comments java crossref symbols nobinary


Line 716: Line 716:
method isFalse() public static returns boolean
method isFalse() public static returns boolean
return \isTrue
return \isTrue
</syntaxhighlight>
</lang>


=={{header|Nim}}==
=={{header|Nim}}==
Using an SQLite in memory database and "db_sqlite" high level binding from standard library.
Using an SQLite in memory database and "db_sqlite" high level binding from standard library.
<lang Nim>import db_sqlite
<syntaxhighlight lang="nim">import db_sqlite


let db = open(":memory:", "", "", "")
let db = open(":memory:", "", "", "")
Line 736: Line 736:
echo row
echo row


db.close()</lang>
db.close()</syntaxhighlight>


{{out}}
{{out}}
Line 742: Line 742:


=={{header|Objeck}}==
=={{header|Objeck}}==
<lang objeck>use IO;
<syntaxhighlight lang="objeck">use IO;
use ODBC;
use ODBC;


Line 760: Line 760:
};
};
}
}
}</lang>
}</syntaxhighlight>


=={{header|Pascal}}==
=={{header|Pascal}}==
Line 766: Line 766:
{{libheader|SQLite}}
{{libheader|SQLite}}
Tested with Free Pascal 2.6.4 (arm) and SQLite 3.8.7.1
Tested with Free Pascal 2.6.4 (arm) and SQLite 3.8.7.1
<lang pascal>program Parametrized_SQL_Statement;
<syntaxhighlight lang="pascal">program Parametrized_SQL_Statement;
uses
uses
sqlite3, sysutils;
sqlite3, sysutils;
Line 889: Line 889:
// Close the database connection.
// Close the database connection.
sqlite3_close(db);
sqlite3_close(db);
end.</lang>
end.</syntaxhighlight>
{{out}}
{{out}}
<pre>
<pre>
Line 905: Line 905:


=={{header|Perl}}==
=={{header|Perl}}==
<lang perl>use DBI;
<syntaxhighlight lang="perl">use DBI;


my $db = DBI->connect('DBI:mysql:mydatabase:host','login','password');
my $db = DBI->connect('DBI:mysql:mydatabase:host','login','password');
Line 911: Line 911:
$statment = $db->prepare("UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?");
$statment = $db->prepare("UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?");


$rows_affected = $statment->execute("Smith, Steve",42,'true',99);</lang>
$rows_affected = $statment->execute("Smith, Steve",42,'true',99);</syntaxhighlight>


=={{header|Phix}}==
=={{header|Phix}}==
{{libheader|SQLite}}
{{libheader|SQLite}}
<!--<lang Phix>(notonline)-->
<!--<syntaxhighlight lang="phix">(notonline)-->
<span style="color: #000080;font-style:italic;">--
<span style="color: #000080;font-style:italic;">--
-- demo\rosetta\Parameterized_SQL_statement.exw
-- demo\rosetta\Parameterized_SQL_statement.exw
Line 988: Line 988:
<span style="color: #000000;">sqlite3_close</span><span style="color: #0000FF;">(</span><span style="color: #000000;">db</span><span style="color: #0000FF;">)</span>
<span style="color: #000000;">sqlite3_close</span><span style="color: #0000FF;">(</span><span style="color: #000000;">db</span><span style="color: #0000FF;">)</span>
<!--</lang>-->
<!--</syntaxhighlight>-->
{{out}}
{{out}}
<pre>
<pre>
Line 1,004: Line 1,004:


=={{header|PHP}}==
=={{header|PHP}}==
<lang php>$updatePlayers = "UPDATE `players` SET `name` = ?, `score` = ?, `active` = ?\n".
<syntaxhighlight lang="php">$updatePlayers = "UPDATE `players` SET `name` = ?, `score` = ?, `active` = ?\n".
"WHERE `jerseyNum` = ?";
"WHERE `jerseyNum` = ?";
$dbh = new PDO( "mysql:dbname=db;host=localhost", "username", "password" );
$dbh = new PDO( "mysql:dbname=db;host=localhost", "username", "password" );
Line 1,019: Line 1,019:
// alternatively pass parameters as an array to the execute method
// alternatively pass parameters as an array to the execute method
$updateStatement = $dbh->prepare( $updatePlayers );
$updateStatement = $dbh->prepare( $updatePlayers );
$updateStatement->execute( array( "Smith, Steve", 42, 1, 99 ) );</lang>
$updateStatement->execute( array( "Smith, Steve", 42, 1, 99 ) );</syntaxhighlight>


=={{header|PicoLisp}}==
=={{header|PicoLisp}}==
As PicoLisp uses normal function calls for DB manipulations, parameters are always treated as plain data and are not executed.
As PicoLisp uses normal function calls for DB manipulations, parameters are always treated as plain data and are not executed.
<lang PicoLisp>(for P (collect 'jerseyNum '+Players 99)
<syntaxhighlight lang="picolisp">(for P (collect 'jerseyNum '+Players 99)
(put!> P 'name "Smith, Steve")
(put!> P 'name "Smith, Steve")
(put!> P 'score 42)
(put!> P 'score 42)
(put!> P 'active T) )</lang>
(put!> P 'active T) )</syntaxhighlight>


=={{header|PureBasic}}==
=={{header|PureBasic}}==
<lang PureBasic>UseSQLiteDatabase()
<syntaxhighlight lang="purebasic">UseSQLiteDatabase()


Procedure CheckDatabaseUpdate(database, query$)
Procedure CheckDatabaseUpdate(database, query$)
Line 1,081: Line 1,081:
Print(#CRLF$ + #CRLF$ + "Press ENTER to exit"): Input()
Print(#CRLF$ + #CRLF$ + "Press ENTER to exit"): Input()
CloseConsole()
CloseConsole()
EndIf</lang>
EndIf</syntaxhighlight>


Sample output:
Sample output:
Line 1,090: Line 1,090:
=={{header|Python}}==
=={{header|Python}}==
{{trans|Ruby}}
{{trans|Ruby}}
<lang python>import sqlite3
<syntaxhighlight lang="python">import sqlite3


db = sqlite3.connect(':memory:')
db = sqlite3.connect(':memory:')
Line 1,114: Line 1,114:
# and show the results
# and show the results
for row in db.execute('select * from players'):
for row in db.execute('select * from players'):
print(row)</lang>
print(row)</syntaxhighlight>
outputs
outputs
<pre>(u'Smith, Steve', 42, 1, 99)
<pre>(u'Smith, Steve', 42, 1, 99)
Line 1,122: Line 1,122:
{{works with|PostgreSQL}}
{{works with|PostgreSQL}}
{{libheader|sql db-lib}}
{{libheader|sql db-lib}}
<lang racket>
<syntaxhighlight lang="racket">
#lang racket/base
#lang racket/base
(require sql db)
(require sql db)
Line 1,145: Line 1,145:
'("Smith, Steve" 42 #t 99))
'("Smith, Steve" 42 #t 99))


</syntaxhighlight>
</lang>


=={{header|Raku}}==
=={{header|Raku}}==
(formerly Perl 6)
(formerly Perl 6)
<lang perl6>use DBIish;
<syntaxhighlight lang="raku" line>use DBIish;


my $db = DBIish.connect('DBI:mysql:mydatabase:host','login','password');
my $db = DBIish.connect('DBI:mysql:mydatabase:host','login','password');
Line 1,155: Line 1,155:
my $update = $db.prepare("UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?");
my $update = $db.prepare("UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?");


my $rows-affected = $update.execute("Smith, Steve",42,'true',99);</lang>
my $rows-affected = $update.execute("Smith, Steve",42,'true',99);</syntaxhighlight>


=={{header|Ruby}}==
=={{header|Ruby}}==
Using the {{libheader|sqlite3-ruby}} gem
Using the {{libheader|sqlite3-ruby}} gem
[[Category:SQLite]]
[[Category:SQLite]]
<lang ruby>require 'sqlite3'
<syntaxhighlight lang="ruby">require 'sqlite3'


db = SQLite3::Database.new(":memory:")
db = SQLite3::Database.new(":memory:")
Line 1,192: Line 1,192:


# and show the results
# and show the results
db.execute2('select * from players') {|row| p row}</lang>
db.execute2('select * from players') {|row| p row}</syntaxhighlight>
outputs
outputs
<pre>["name", "score", "active", "jerseyNum"]
<pre>["name", "score", "active", "jerseyNum"]
Line 1,201: Line 1,201:
=={{header|Run BASIC}}==
=={{header|Run BASIC}}==
{{incorrect|Run BASIC|Executing a NON-parameterized update DML. This solution is exactly the opposite of the task. This example is what is explicitly warned in the task.}}
{{incorrect|Run BASIC|Executing a NON-parameterized update DML. This solution is exactly the opposite of the task. This example is what is explicitly warned in the task.}}
<lang runbasic>sqliteconnect #mem, ":memory:"
<syntaxhighlight lang="runbasic">sqliteconnect #mem, ":memory:"
#mem execute("CREATE table players (name, score, active, jerseyNum)")
#mem execute("CREATE table players (name, score, active, jerseyNum)")
#mem execute("INSERT INTO players VALUES ('Jones, Bob',0,'N',99)")
#mem execute("INSERT INTO players VALUES ('Jones, Bob',0,'N',99)")
Line 1,223: Line 1,223:
print name$;chr$(9);score;chr$(9);active$;chr$(9);jerseyNum
print name$;chr$(9);score;chr$(9);active$;chr$(9);jerseyNum
WEND
WEND
end</lang>
end</syntaxhighlight>
<pre>Output
<pre>Output
Smith, Steve 42 TRUE 99
Smith, Steve 42 TRUE 99
Line 1,232: Line 1,232:
===Using [http://slick.lightbend.com/doc/3.2.3/introduction.html Slick] FRM===
===Using [http://slick.lightbend.com/doc/3.2.3/introduction.html Slick] FRM===
{{Out}}Best seen running in your browser [https://scastie.scala-lang.org/fJKRDaydSsGGlZQXJUhvxw Scastie (remote JVM)].
{{Out}}Best seen running in your browser [https://scastie.scala-lang.org/fJKRDaydSsGGlZQXJUhvxw Scastie (remote JVM)].
<lang Scala>import slick.jdbc.H2Profile.api._
<syntaxhighlight lang="scala">import slick.jdbc.H2Profile.api._
import slick.sql.SqlProfile.ColumnOption.SqlType
import slick.sql.SqlProfile.ColumnOption.SqlType


Line 1,288: Line 1,288:
} yield n), Duration.Inf)
} yield n), Duration.Inf)


}</lang>
}</syntaxhighlight>


=={{header|Seed7}}==
=={{header|Seed7}}==
Line 1,302: Line 1,302:
A column from a result row is retrieved with the function [http://seed7.sourceforge.net/libraries/sql_base.htm#column%28in_sqlStatement,in_integer,attr_integer%29 column].
A column from a result row is retrieved with the function [http://seed7.sourceforge.net/libraries/sql_base.htm#column%28in_sqlStatement,in_integer,attr_integer%29 column].


<lang seed7>$ include "seed7_05.s7i";
<syntaxhighlight lang="seed7">$ include "seed7_05.s7i";
include "sql_base.s7i";
include "sql_base.s7i";


Line 1,333: Line 1,333:
execute(testDb, "drop table players");
execute(testDb, "drop table players");
close(testDb);
close(testDb);
end func;</lang>
end func;</syntaxhighlight>


{{out}}
{{out}}
Line 1,342: Line 1,342:
=={{header|SQL}}==
=={{header|SQL}}==
{{works with|Oracle}}
{{works with|Oracle}}
<lang sql>-- This works in Oracle's SQL*Plus command line utility
<syntaxhighlight lang="sql">-- This works in Oracle's SQL*Plus command line utility


VARIABLE P_NAME VARCHAR2(20);
VARIABLE P_NAME VARCHAR2(20);
Line 1,381: Line 1,381:
commit;
commit;


select * from players;</lang>
select * from players;</syntaxhighlight>
{{Out}}
{{Out}}
<pre>SQL> SQL>
<pre>SQL> SQL>
Line 1,402: Line 1,402:
{{works with|Db2 LUW}}
{{works with|Db2 LUW}}
The following example is indeed parameterized SQL with named placeholders and it prevents SQL injections, and the SQL performs very well, because the execution plan is also precompiled.
The following example is indeed parameterized SQL with named placeholders and it prevents SQL injections, and the SQL performs very well, because the execution plan is also precompiled.
<lang sql pl>
<syntaxhighlight lang="sql pl">
--#SET TERMINATOR @
--#SET TERMINATOR @


Line 1,429: Line 1,429:


SELECT * FROM PLAYERS @
SELECT * FROM PLAYERS @
</syntaxhighlight>
</lang>
Output:
Output:
<pre>
<pre>
Line 1,468: Line 1,468:
=={{header|Tcl}}==
=={{header|Tcl}}==
{{works with|Tcl|8.6}}
{{works with|Tcl|8.6}}
<lang tcl>package require Tcl 8.6
<syntaxhighlight lang="tcl">package require Tcl 8.6


# These next two lines are the only ones specific to SQLite
# These next two lines are the only ones specific to SQLite
Line 1,489: Line 1,489:
# With apologies to http://xkcd.com/327/
# With apologies to http://xkcd.com/327/
setPlayer $db 76 -> "Robert'; DROP TABLE players--" 0 false
setPlayer $db 76 -> "Robert'; DROP TABLE players--" 0 false
$db close</lang>
$db close</syntaxhighlight>


=={{header|Wren}}==
=={{header|Wren}}==
{{libheader|Wren-sql}}
{{libheader|Wren-sql}}
An embedded program using our SQLite wrapper.
An embedded program using our SQLite wrapper.
<lang ecmascript>import "./sql" for Connection
<syntaxhighlight lang="ecmascript">import "./sql" for Connection


var db = Connection.open("rc.db")
var db = Connection.open("rc.db")
Line 1,522: Line 1,522:


System.print("\nAfter update:\n")
System.print("\nAfter update:\n")
db.printTable("SELECT * FROM players", widths)</lang>
db.printTable("SELECT * FROM players", widths)</syntaxhighlight>


{{out}}
{{out}}
Retrieved from "https://rosettacode.org/wiki/Parameterized_SQL_statement"