Parameterized SQL statement: Difference between revisions
→{{header|SQL PL}}
The following example is parameterized SQL with named placeholders: the procedure's parameters are used directly as host variables in the statement. That prevents SQL injection, because the parameter values are passed to the statement at run time and are never spliced into its text, and it performs well, because the statement is compiled and bound once, when the procedure is created, instead of being re-prepared on every call.
<lang sql pl>
--#SET TERMINATOR @
CREATE TABLE PLAYERS (
NAME VARCHAR(32),
Line 1,198 ⟶ 1,200:
INSERT INTO PLAYERS VALUES ('Pele', '1280', 0, 10) @
CALL UPDATE_PLAYER ('Maradona', '600', 1, 10) @
SELECT * FROM PLAYERS @
</lang>
Line 1,225 ⟶ 1,229:
db2 => INSERT INTO PLAYERS VALUES ('Pele', '1280', 0, 10) @
DB20000I The SQL command completed successfully.
db2 => CALL UPDATE_PLAYER ('Maradona', '600', 1, 10) @
Return Status = 0
db2 => SELECT * FROM PLAYERS @
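As an added example, not part of the Rosetta Code entry above, the following DB2 SQL PL script puts an unsafe dynamic-SQL procedure next to a parameterized one so the difference can be observed on the same input. The SCORES table, the two procedure names, the sample rows and the injected name value are assumptions made for this illustration; the script uses the same `--#SET TERMINATOR @` convention as the page's own code.

```sql
--#SET TERMINATOR @
-- Added example (not from the original page). SCORES, SET_SCORE_UNSAFE and
-- SET_SCORE are hypothetical names chosen for this illustration.
CREATE TABLE SCORES (
  NAME  VARCHAR(32) NOT NULL,
  SCORE INTEGER     NOT NULL
) @

-- Constructed sample rows.
INSERT INTO SCORES VALUES ('Pele', 1280), ('Maradona', 600) @

-- UNSAFE: the statement text is assembled by string concatenation and run
-- with EXECUTE IMMEDIATE, so whoever supplies P_NAME controls the SQL itself.
CREATE PROCEDURE SET_SCORE_UNSAFE (IN P_NAME VARCHAR(32), IN P_SCORE INTEGER)
  LANGUAGE SQL
BEGIN
  DECLARE V_STMT VARCHAR(512);
  SET V_STMT = 'UPDATE SCORES SET SCORE = ' || RTRIM(CHAR(P_SCORE))
            || ' WHERE NAME = ''' || P_NAME || '''';
  EXECUTE IMMEDIATE V_STMT;
END @

-- SAFE: the parameters are host variables in a static UPDATE. The statement
-- is compiled and bound when the procedure is created; at run time only the
-- values travel, and a value can never change the statement's structure.
CREATE PROCEDURE SET_SCORE (IN P_NAME VARCHAR(32), IN P_SCORE INTEGER)
  LANGUAGE SQL
BEGIN
  UPDATE SCORES SET SCORE = P_SCORE WHERE NAME = P_NAME;
END @

-- Same payload against both procedures. The value passed is the 16-character
-- string  x' OR 'a'='a  (the doubled quotes below are SQL literal escaping).
-- In the unsafe procedure it yields
--   UPDATE SCORES SET SCORE = 0 WHERE NAME = 'x' OR 'a'='a'
-- and every row is reset to 0.
CALL SET_SCORE_UNSAFE ('x'' OR ''a''=''a', 0) @
SELECT * FROM SCORES @

-- Restore the constructed rows, then run the parameterized procedure: the
-- payload is just a name that matches no row, so nothing changes.
UPDATE SCORES SET SCORE = 1280 WHERE NAME = 'Pele' @
UPDATE SCORES SET SCORE = 600  WHERE NAME = 'Maradona' @
CALL SET_SCORE ('x'' OR ''a''=''a', 0) @
SELECT * FROM SCORES @
```

Run the script with the DB2 command line processor (`db2 -tf script.sql` is not needed because the terminator directive is in the file; `db2 -f script.sql` suffices). The first SELECT shows both scores at 0; the second shows the original 1280 and 600. The point is not that EXECUTE IMMEDIATE is forbidden in SQL PL: where the statement text genuinely must be built at run time, keep the values out of the text by using parameter markers with PREPARE and EXECUTE ... USING, which gives the same property as the static form.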