
AVEVA™ Plant SCADA

SQLAppend

  • Last Updated Jul 17, 2025

Appends a query string to the SQL buffer. Cicode cannot send an SQL query that is longer than 255 characters. If you have an SQL query that is longer than the 255 character limit, you can split the query into smaller strings, and use this function to append the query in the SQL buffer.

This function can be called in the foreground or background.

Queries built from user data, for example values entered by users via graphics pages or forms, may be prone to SQL injection attacks. In such cases, limit the risk by using Cicode functions from the parameterized queries group, and seek professional advice on this matter.

NOTICE

SECURITY BREACH VIA SQL INJECTION

  • Verify that any user inputs match the expected format for the associated data type.

  • Use parameterized SQL or stored procedures.

  • Use a limited access account to connect to the database.

Failure to follow these instructions can result in equipment damage.

Building queries from pieces (SQLSet, SQLAppend) or adding parameters to either queries or connections (SQLParam functions) requires several calls to the respective Cicode functions. If several functions try to manipulate the same connection at the same time, conflicts and unintended operations may occur. This is a typical multithreading problem.

To avoid this, instead of manipulating connections, consider using locally created and locally disposed queries. For example:

int function SAFE_SQL_CICODE_MULTITHREAD_USE()
    //locally created query
    //(hConnection is a DB connection handle obtained elsewhere, from SQLCreate or SQLConnect)
    int hStmt = SQLQueryCreate(hConnection);

    //Set the query
    SQLSet(hStmt, "select * from TAB where NAME=@Name");

    //Add parameters to the query
    SQLParamsSetAsString(hStmt, "Name", "Aaa");

    //Execute the query
    SQLGetRecordset(hStmt, "");

    //the locally created query is disposed
    SQLQueryDispose(hStmt);
End

Syntax

SQLAppend(hGeneral, String)

hGeneral:

The handle either to the DB connection object (returned from either SQLCreate or SQLConnect function) or to the query handle (returned from SQLQueryCreate). When it is the connection handle, the operation is performed on the default query in that DB connection object. When it is the query handle, the operation is performed on that query through the DB object which is associated to it.

String:

The query string to append to the SQL buffer.

Return Value

0 (zero) if successful, otherwise an error number is returned. For details of the 307 error code, call the SQLErrMsg function.

SQLSet, SQLBeginTran, SQLCommit, SQLConnect, SQLDisconnect, SQLEnd, SQLErrMsg

Example

See SQLSet.
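
The following is an added example, not taken from the AVEVA documentation: it builds a query in pieces with SQLSet and SQLAppend on a locally created query handle, and passes the user-supplied value as a parameter instead of concatenating it into the text. The table, column, parameter and function names, the 32-character limit and the -1 return value are constructed for illustration, and the example assumes that SQLSet, SQLParamsSetAsString and SQLGetRecordset return 0 on success in the same way SQLAppend does.

```cicode
// Added example. ALARM_LOG, its columns and @Operator are constructed names.
INT
FUNCTION AlarmHistoryByOperator(INT hConnection, STRING sOperator)
    INT hStmt;
    INT nErr;

    // Check the user input against the expected format before using it.
    // The 32-character limit is an assumed column width.
    IF StrLength(sOperator) = 0 OR StrLength(sOperator) > 32 THEN
        RETURN -1;  // constructed error value for rejected input
    END

    // Query handle local to this call, so that parallel callers do not
    // manipulate the default query of the shared connection.
    hStmt = SQLQueryCreate(hConnection);

    // Each piece stays under the 255 character limit.
    // Only fixed text is appended; user data never becomes part of the SQL string.
    nErr = SQLSet(hStmt, "SELECT EVENT_TIME, TAG, DESCRIPTION, OPERATOR");
    IF nErr = 0 THEN
        nErr = SQLAppend(hStmt, " FROM ALARM_LOG");
    END
    IF nErr = 0 THEN
        nErr = SQLAppend(hStmt, " WHERE OPERATOR=@Operator ORDER BY EVENT_TIME");
    END

    // The user-supplied value is bound as a parameter.
    IF nErr = 0 THEN
        nErr = SQLParamsSetAsString(hStmt, "Operator", sOperator);
    END

    // Execute the query that is held in the SQL buffer.
    IF nErr = 0 THEN
        nErr = SQLGetRecordset(hStmt, "");
    END

    // ... read the results here ...

    // Dispose the locally created query on every path, including errors.
    SQLQueryDispose(hStmt);
    RETURN nErr;
END
```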

See Also

SQL Functions
