Parameterized Queries v4.1.6.1
A parameterized query is a query with one or more parameter markers embedded in the SQL statement. Before executing a parameterized query, you must supply a value for each marker found in the text of the SQL statement.
Parameterized queries are useful when you don't know the complete text of a query at the time you write your code. For example, the value referenced in a WHERE clause may be calculated from user input.
As demonstrated in the following example, you must declare the data type of each parameter specified in the parameterized query by creating an EDBParameter object and adding that object to the command's parameter collection. Then, you must specify a value for each parameter by calling the parameter's Value() function.
The example demonstrates use of a parameterized query with an UPDATE statement that increases an employee salary:
Save the sample code in a file in a web root directory named: updateSalary.aspx

To invoke the sample code, open a web browser and browse to: http://localhost/updateSalary.aspx
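The following is an added illustration written for this page; it is not the page's own updateSalary.aspx sample, which is not reproduced above. It assumes an emp table with integer empno and sal columns, a placeholder connection string, and the EDB .NET Connector's EnterpriseDB.EDBClient namespace with the EDBTypes.EDBDbType enumeration for the parameter type (Value is assigned as a property in the C# API). It places the string-concatenation form beside the parameterized one so the security point of the parameter markers is visible: with markers, the SQL text is fixed before any user input exists, and the values travel to the server separately, already typed as integers.

```csharp
using System;
using EnterpriseDB.EDBClient;

// Added example, not the page's updateSalary.aspx. Assumes an "emp" table with
// integer columns empno and sal. The connection string is a placeholder.
public static class SalaryUpdater
{
    const string ConnectionString =
        "Server=localhost;Port=5444;User Id=enterprisedb;Password=<PLACEHOLDER>;Database=edb";

    // For contrast only: user input is spliced into the statement text, so the
    // server cannot distinguish the data you meant from SQL the caller typed.
    // Never build statements this way.
    public static string BuildUnsafeSql(string empNo, string increase)
    {
        return "UPDATE emp SET sal = sal + " + increase + " WHERE empno = " + empNo;
    }

    // Parameterized form: the statement text never changes; only the values do.
    // Returns the number of rows updated (0 when empno does not exist).
    public static int UpdateSalary(string rawEmpNo, string rawIncrease)
    {
        // Convert to the declared parameter type before anything reaches the driver.
        // A non-numeric input is rejected here instead of surfacing as a SQL error.
        if (!int.TryParse(rawEmpNo, out int empNo) ||
            !int.TryParse(rawIncrease, out int increase))
        {
            throw new ArgumentException("empno and increase must be integers");
        }

        using (var conn = new EDBConnection(ConnectionString))
        using (var cmd = new EDBCommand(
            "UPDATE emp SET sal = sal + @increase WHERE empno = @empno", conn))
        {
            // Declare the data type of each marker by adding an EDBParameter
            // to the command's parameter collection.
            cmd.Parameters.Add(new EDBParameter("@increase", EDBTypes.EDBDbType.Integer));
            cmd.Parameters.Add(new EDBParameter("@empno", EDBTypes.EDBDbType.Integer));

            // Then supply a value for each marker; the driver sends these
            // out-of-band as integers, never as part of the SQL text.
            cmd.Parameters["@increase"].Value = increase;
            cmd.Parameters["@empno"].Value = empNo;

            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

Two practical notes. First, the typed parameter does the heavy lifting: even if a caller passes the string "7369 OR 1=1", it never becomes SQL, because the statement text was fixed at compile time and the value is rejected by int.TryParse (or, had it reached the driver, would fail to bind as an integer). Second, parameter markers stand in for values only; a table or column name chosen at runtime cannot be passed as a parameter and must instead be checked against a fixed allow-list in code before being placed in the statement text.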