Parameterized queries
- Last Updated Feb 10, 2023
- PI SQL Commander Lite 2021
PI SQL Commander Lite supports the use of parameterized queries. Use a parameterized query to supply the arguments for the query as parameters at runtime instead of writing them into the query text itself. Using a parameterized query reduces the risk of SQL injection attacks because the parameter input is interpreted as the data type required by the query. For example, if the query requires data of a particular type, the input is either interpreted as that type or rejected.
The following example shows a simple query that looks for one parameter. The parameter is indicated by ?.
```sql
SELECT *
FROM Master.Element.Attribute
WHERE Name = ?
```
The following example shows a simple query that looks for two parameters. The parameters are indicated by ?.
```sql
SELECT *
FROM Master.Element.Attribute
WHERE Name IN (?,?)
```
When these queries are executed, you are prompted to enter the arguments for the WHERE clause, one per `?` placeholder.
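The following is an added example, not code from the PI SQL Commander Lite documentation or from AVEVA. It uses Python's standard `sqlite3` module as a stand-in data source because its `?` placeholders have the same shape as the queries above; the `Attribute` table and its rows are constructed for the example and are not PI data. It shows the one- and two-parameter forms from this page side by side with a string-concatenated query, so you can see why the parameterized form treats the input as data rather than as SQL, and it adds a type check that rejects input which cannot be interpreted as the type the query expects.

```python
import sqlite3

# Constructed stand-in for Master.Element.Attribute (not PI data).
SAMPLE_ROWS = [
    (1, "Temperature"),
    (2, "Pressure"),
    (3, "Flow"),
]


def make_db():
    """Create an in-memory table that plays the role of Master.Element.Attribute."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Attribute (ID INTEGER, Name TEXT)")
    conn.executemany("INSERT INTO Attribute VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_concat(conn, name):
    """Unsafe form: the argument is spliced into the statement text, so any
    quote characters in it become part of the SQL."""
    sql = f"SELECT Name FROM Attribute WHERE Name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Parameterized form of the page's first query: ? is a placeholder and the
    argument is passed separately, so it can only ever match as a value."""
    sql = "SELECT Name FROM Attribute WHERE Name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def lookup_in(conn, first, second):
    """Parameterized form of the page's second query with two placeholders."""
    sql = "SELECT Name FROM Attribute WHERE Name IN (?,?)"
    return [row[0] for row in conn.execute(sql, (first, second))]


def lookup_by_id(conn, raw_id):
    """Enforce the parameter's data type before binding: the query expects an
    integer, so input that does not parse as one is rejected outright."""
    try:
        value = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError(f"rejected: {raw_id!r} is not an integer")
    sql = "SELECT Name FROM Attribute WHERE ID = ?"
    return [row[0] for row in conn.execute(sql, (value,))]


if __name__ == "__main__":
    db = make_db()
    # A value containing a quote is matched literally by the parameterized
    # query and returns nothing; the concatenated query returns every row.
    tricky = "x' OR 'a'='a"
    print("concatenated:", lookup_concat(db, tricky))
    print("parameterized:", lookup_param(db, tricky))
    print("two params:", lookup_in(db, "Flow", "Pressure"))
    print("typed param:", lookup_by_id(db, "2"))
```

Run it directly to see the difference: the concatenated query returns all three rows for the quoted input, while the parameterized query returns an empty list because the whole string is compared as a single `Name` value. `lookup_by_id` mirrors the page's statement about data types: the integer parameter is converted before binding, and non-integer input raises rather than reaching the database.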